Location based enhanced routing

ABSTRACT

Data is generated to include restrictive routing information based on physical location. The data can then be transmitted and routed according to the restrictive routing information. The approach can include prohibiting the data from being transmitted to a network device located at a restricted physical location in accordance with the restricted routing information. Optionally the data can be destroyed if a network device receiving the data is located at a restricted physical location in accordance with the restricted routing information.

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This application claims priority under 35 USC §119(e) to the following U.S. Provisional Patent Applications: Serial No. 60/361,419, titled “A System for Network Definition Based on Device Location”, filed on Mar. 1, 2002; Serial No. 60/361,421, titled “A System to Regulate Access as a Function of Device Location”, filed on Mar. 1, 2002; Serial No. 60/361,420, titled “Systems and Methods to Define Location of a Network Device or a Networked Device”, filed on Mar. 1, 2002; Serial No. 60/361,380, titled “A System and Method to Provide Security in a Network Based on Device Location Information”, filed on Mar. 1, 2002; Serial No. 60/387,331, titled “Location Discovery and Configuration Provisioning Server”, filed on Jun. 10, 2002; and Serial No. 60/387,330, titled “System and Method for Switch Based Location Discovery and Configuration Provisioning of Network Attached Devices”, filed on Jun. 10, 2002. The entire contents of each of these applications are hereby incorporated by reference.

[0002] This application is also related to International Application Serial Number titled “Location Aware Networking”, being filed concurrently with this application. This International Application is also incorporated herein by reference.

TECHNICAL FIELD

[0003] This description relates to determination and use of location information within a data network.

BACKGROUND

[0004] Computing systems are useful tools for the exchange of information among individuals. The information may include, but is not limited to, data, voice, graphics, and video. The exchange is established through interconnections linking the computing systems together in a way that permits the transfer of electronic signals that represent the information. The interconnections may be either cable or wireless. Cable connections include, for example, metal and optical fiber elements. Wireless connections include, for example, infrared, acoustic, and radio wave transmissions.

[0005] Interconnected computing systems having some sort of commonality are represented as a network. For example, individuals associated with a college campus may each have a computing device. In addition, there may be shared printers and remotely located application servers sprinkled throughout the campus. There is commonality among the individuals in that they all are associated with the college in some way. The same can be said for individuals and their computing arrangements in other environments including, for example, healthcare facilities, manufacturing sites and Internet access users. A network permits communication or signal exchange among the various computing systems of the common group in some selectable way. The interconnection of those computing systems, as well as the devices that regulate and facilitate the exchange among the systems, represent a network. Further, networks may be interconnected together to establish internetworks.

[0006] The process by which the various computing systems of a network or internetwork communicate is generally regulated by agreed-upon signal exchange standards and protocols embodied in network interface cards or circuitry. Such standards and protocols were borne out of the need and desire to provide interoperability among the array of computing systems available from a plurality of suppliers. Two organizations that have been responsible for signal exchange standardization are the Institute of Electrical and Electronic Engineers (IEEE) and the Internet Engineering Task Force (IETF). In particular, the IEEE standards for internetwork operability have been established, or are in the process of being established, under the purview of the IEEE 802 committee on Local Area Networks (LANs) and Metropolitan Area Networks (MANs).

SUMMARY

[0007] In a general aspect, the invention features a system that associates physical locations with network-linked devices in a network to which such devices are connected. This system employs a variety of techniques for establishing device location. The system configuration can vary and can include any type of data network, including LANs, MANs, Wide Area Networks (WANs), Personal Area Networks (PANs), and Home Networks. The system provides location information for particular devices to the network devices and management, and may be used in any of a variety of ways to improve configuration accuracy, control, and security. The location information may also be used to control or secure a device itself.

[0008] Further features relate to mechanisms by which a network entry device and/or an intermediate device acquires location information. Those mechanisms include, generally, techniques for acquiring absolute and relative location information. Absolute location information may be obtained using known geographical identifiers in a coordinate system, such as latitude and longitude, dead reckoning, Global Satellite Positioning (GPS) systems affixed to or proximate to the device to be located, inertial locators, optical locators, and other techniques. Relative location may be obtained by vectoring from equipment having a known location, or by vectoring from a known location. Relative location also may be obtained from triangulation from known radio-based or optical-based locations, by phased array searches to define a range of locations, or by signal strength attenuation mapped to a range of locations. Other techniques may be employed to fix the position of a device of interest.

[0009] The device can determine its own position and relay that information to applications within the network at start-up, upon connection, or when queried, or the system can determine the location of the device and store that information and give it to the device if appropriate and useful. Both absolute and relative location information can also include a level of trust parameter to determine whether the location information is reliable and can be trusted by the system. Once that device location is fixed, by absolute or relative means, and associated with the device in an identifiable way, such as a file or program argument, the device location can be used in any number of ways to enhance the operation of, and services provided by, the system. For example, anywhere user credentials are required, the location of a device can be required. In other words, the location of a device becomes part of the required credentials.

[0010] In one aspect, there is a method including generating data including restrictive routing information based on physical location. In other examples, the method can include the following features. The method can further include transmitting the data in accordance with the restrictive routing information. The method can further include destroying the data if a network device receiving the data is located at a restricted physical location in accordance with the restricted routing information.

[0011] The method can include prohibiting the data from being transmitted to a network device located at a restricted physical location in accordance with the restricted routing information.

[0012] The method also can further include prohibiting the data from being accessed by a client device located at a restricted physical location in accordance with the restricted routing information. The restricted routing information can include a prohibited physical location. The restricted routing information can include a permitted physical location. The data can include a data packet, a file, and/or a document.

[0013] In another aspect, there is a method including generating data for transmission via a network, the data including a physical location tag.

[0014] In yet another aspect, there is a method including receiving data at a first network device and prohibiting transmission of the data to a second network device based on a geographic physical location of the second network device.

[0015] In another aspect there is a method including receiving data at a device and prohibiting access to that data based on a physical location of the device.

[0016] In yet another aspect, there is a system including network devices and data. The network devices have associated physical locations. The data includes restrictive routing information based on a physical location. In other examples, the system can include the following features. The system can further include a physical location server having a storage module configured to store the associations of network devices with their respective physical locations. Each network device can include a storage module configured to store the association of that particular network device with its respective physical location. Each network device can include a location module configured to transmit the data in accordance with the restrictive routing information. Each network device can include a location module configured to destroy the data if the respective network device receiving the data is located at a restricted physical location in accordance with the restricted routing information.

[0017] Each network device also can include a location module configured to prohibit the data from being transmitted to another network device located at a restricted physical location in accordance with the restricted routing information. Each network device can include a location module configured to prohibit the data from being accessed by a client device located at a restricted physical location in accordance with the restricted routing information. The restricted routing information can include a prohibited physical location. The restricted routing information can include a permitted physical location. The data can include a data packet, a file, and/or a document.

[0018] In another aspect, there are data including restrictive routing information based on physical location. The data can further include a header that includes the restricted routing information. This information may be represented explicitly, or using a tag to identify the information, for example, according to a registry of location information. The restricted routing information can be included in the network layer and/or in the transport layer. The restricted routing information can include prohibited physical locations. The restricted routing information can include permitted physical locations. The data can include a data packet, a file, and/or a document.

[0019] The details of one or more examples related to the invention are set forth in the accompanying drawings and the description below. Other features, objects, and advantages of the invention will be apparent from the description and drawings, and from the claims.

DESCRIPTION OF DRAWINGS

[0020] FIG. 1 is a block diagram of an example system with location information;

[0021] FIG. 2 is a block diagram of an illustrative process employing location information;

[0022] FIG. 3 is a block diagram of another illustrative process employing location information;

[0023] FIG. 4 is a block diagram of another illustrative process employing location information;

[0024] FIG. 5 is a block diagram of another illustrative process employing location information;

[0025] FIG. 6 is a block diagram of another illustrative process employing location information;

[0026] FIG. 7 is a block diagram of another illustrative process employing location information; and

[0027] FIG. 8 is a block diagram of another example system with location information.

[0028] Like reference symbols in the various drawings indicate like elements.

DETAILED DESCRIPTION

[0029] 1.0 Overview (FIG. 1)

[0030] Referring to FIG. 1, a location-aware system 100 operates and provides network-based services to users according to locations of devices that use or are part of the network associated with system 100. System 100 includes an infrastructure 101 that includes multiple switching devices, some of which are connected to connection points (e.g., 160 a-i) of infrastructure 101. System 100 employs both hardware and software (e.g., an application executing on server 134) to provide location-aware services described below. A location of a device can relate to the physical location of the device, which can be characterized in a variety of ways including as grid or map coordinates (e.g., latitude, longitude, and elevation), a geographic region, or in terms of building structures, such as coordinates on a particular floor in a building or a room number in a building. A device can be external to infrastructure 101 of system 100, such as user devices 104 a and 104 b. A device also can be internal to infrastructure 101, such as network entry devices 114 a-b (sometimes referred to as switches or edge devices of the network), and a central switching device 136 (e.g. a router). The network entry devices 114 can include and/or be associated with wireless access points 120 a-b. The wireless access points 120 can be individual devices external to the network entry device 114, such as 120 a, and/or internal to the entry device 114, such as 120 b.

[0031] Some of the devices internal and external to infrastructure 101 include a location module 185. The location module 185 includes functionality, as described in more detail below, that makes a device location-aware. In one example, this functionality includes a location database to store location information, a protocol to communicate location information to other devices, and rules to enforce location-based policies (e.g., to enable policing based on location information). This functionality can also include the algorithms and processes necessary to determine the location of a device using the techniques described herein. Location module 185 can be implemented in the hardware and/or software of system 100. For example, particular software applications executing on the devices can provide/enforce the location functions, the operating system of any of the devices can provide/enforce the location functions, and/or hardware modules, such as programmable arrays, can be used in the devices to provide/enforce the location functions.

[0032] To make use of a device's location, system 100 first determines the location of that device. System 100 uses different techniques to determine the location of a device depending on whether the device communicates with other devices using a cable-based transmission medium 112, or a wireless transmission medium 119. Cable-based transmission medium 112 refers to a constrained transmission medium such as an optical cable, an electrical wire, and the like. Such a cable transmission medium can provide single to many connections (shared) and/or a point-to-point (dedicated) connection between two devices. A cable-based medium 112 can be considered as part of infrastructure 101 of system 100. Typically the medium 112 is installed in such a way that it is not easy to modify the medium's physical location. For instance, cables are led through walls and conduits in such a way that the connection points (e.g., the jacks) are in fixed locations. Wireless transmission medium 119 refers to a transmission medium in a free space, such as through free air. Wireless transmission medium 119 generally relates to any communication where the transmission medium is air, for example, radio-based communication. For instance, radio communication according to the IEEE 802.11 standard uses a wireless transmission medium 119. Other wireless communication using wireless transmission media relates to use of optical communication (e.g., infrared, lasers, and the like) and/or other communications through air such as acoustic and mechanical waves. Wireless media are characterized by a much greater range of possible locations in which communicating devices may be located. For example, in the case of an IEEE 802.11 based network, a mobile device may be able to communicate with a wireless access point 120 hundreds or even thousands of feet away depending on the environment.

[0033] In the illustrated system 100 of FIG. 1, user device 104 a connects to infrastructure 101 using cable 112 through connection point 160 a (e.g., a jack in a wall). Similarly, network entry devices 114 a-b and central switching device 136 connect to each other using a cable to connection points 160 b-g. In a portion of a data network employing cables, a connection point (e.g., 160 a-g) is the terminus of the cable where a device physically attaches. A connection port (e.g., 113) is the physical port through which a network client communicates.

[0034] As described above, the connection points associated with a cable are generally fixed in location. The locations of these connection points are determined, for example, when the cable is installed. Location information includes an association of a connection point with its corresponding location. System 100 stores the location information in location module 185. The location module 185 can store the location information using a location database. In an example of a centralized approach, system 100 stores the location information for all of the connection points of the network of system 100 in location module 185 a in location server 134. In an example of a distributed approach, described in more detail in the alternatives section below, system 100 stores the location information for all of the connection points, or a portion of the connection points, in each of the location modules 185 a-d. In one approach to determining the location of a device, system 100 determines the connection point (e.g., 160 a-g) through which the device is connected to network infrastructure 101 and finds the stored location information in location module 185 corresponding to that particular connection point.

[0035] A device using wireless transmission medium 119 connects to infrastructure 101 through connection points 160 h-i, for example communicating from the device's transceiver to the wireless access points 120 a-b of network entry devices 114 a-b, respectively. These wireless connection points 160 h-i, similar to connection points 160 a-g, are also generally fixed in location. The location of a user device 104 connected to a wireless connection point 160 h-i, however, can be dynamic. The location of user device 104 b changes as user device 104 b moves. Stationary wireless connection points 160 h-i may no longer be in communication with user device 104 b as user device 104 b moves away, thus no longer being connection points for 104 b after a certain period of time.

[0036] In one approach to determining a location of a device using wireless transmission medium 119, system 100 determines the location of user device 104 b relative to typically multiple network devices (e.g., 120 a and 120 b) that receive transmitted signals from user device 104 b. System 100 uses signal characteristics, such as relative time delay or signal strength of the signal received at the different network devices, in combination with the known location of the wireless access points 120 a-b. System 100 optionally uses other known boundaries, for example walls within a building, to further limit the location of an area, relative to the wireless connection point (e.g., 120 a or 120 b), within which that user device 104 is operating. System 100 stores the location information corresponding to wireless user device 104 b in association with one or more of the connection points 160 h-i in location module 185 (e.g., 185 a in an example of a centralized approach). The system 100 updates the corresponding location information as user device 104 b moves.

[0037] Having determined the location of a device, system 100 employs that location information in a variety of ways. System 100 can provision and configure devices within infrastructure 101 or external to infrastructure 101 according to their locations as devices are added or moved. This enables a network device, in an automated fashion, to learn of its location and, based on its location, configure itself, operate in a certain manner and enforce certain location-based rules. For example, network entry device 114 a can be replaced with a new network entry device that, once connected, learns its location, and its configuration and rules of operation based on that location, in an automated fashion from location server 134.

[0038] System 100 is able to enforce certain restrictions, on an initial and continual basis, based on locations of devices. System 100 can restrict access to the network or data stored on the network based on the location of user device 104. For example, system 100 restricts access to accounting databases to only user devices 104 located within the accounting department offices (e.g., within certain coordinates of a certain floor of a certain building). Further, system 100 can also periodically and/or continually police these restrictions so that a user device 104 cannot authenticate based on being in one location, and then try to access restricted services at another unauthorized location based on that authentication. Location can also be another parameter, for instance in addition to a user identification or a device type, that is used for allocation of network resources, such as speed and quality of service (QoS).

[0039] System 100 also restricts flow of data through infrastructure 101 based on location restrictions of that data. For example, the system 100 can restrict data from the accounting databases to stay within the accounting department offices (e.g., an area defined by certain coordinates). In one approach to implement such restrictions, the data has a tag that contains the location restrictions (e.g., permitted and/or prohibited locations). For example, the application generating the data and/or the server generating a data packet to transport the data over the network can add this tag while generating the data and/or packet. Devices and applications within system 100 enforce those restrictions by not allowing the data to be routed to a device outside of the permitted location, by destroying the data if it is in a location outside of the permitted location, and/or denying access to (e.g., reading, opening) the data outside a permitted location.
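
As an added illustration of the tag-based enforcement described in this paragraph (example code written for this page, not from the patent or any product), the following Python models a packet whose header carries permitted and prohibited regions, network devices that learn their own location from a connection-point database rather than declaring it, and the three enforcement outcomes: forward, refuse to transmit, or destroy. The tag syntax `permit=HQ/2/accounting;deny=HQ/1`, the location model (a path tuple such as `("HQ", "2", "accounting")`, where a shorter tuple is a region covering everything beneath it), and the jack IDs and locations are all constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

Location = tuple  # path tuple; a shorter tuple is a region (assumed convention)


def parse_tag(tag: str) -> tuple:
    """Parse 'permit=HQ/2/accounting;deny=HQ/1' (assumed syntax) into region tuples."""
    permitted, prohibited = [], []
    for item in filter(None, tag.split(";")):
        key, _, value = item.partition("=")
        regions = [tuple(r.split("/")) for r in value.split(",") if r]
        if key == "permit":
            permitted.extend(regions)
        elif key == "deny":
            prohibited.extend(regions)
        else:
            raise ValueError(f"unknown restriction key {key!r}")
    return tuple(permitted), tuple(prohibited)


def _within(loc: Location, region: Location) -> bool:
    return loc[: len(region)] == region


def location_allowed(tag: str, loc: Location) -> bool:
    """A prohibited region always wins; an empty permit list means 'anywhere else'."""
    permitted, prohibited = parse_tag(tag)
    if any(_within(loc, r) for r in prohibited):
        return False
    return not permitted or any(_within(loc, r) for r in permitted)


class Action(Enum):
    FORWARD = "forward"  # this device and the next hop both satisfy the restriction
    DROP = "drop"        # next hop is at a restricted location: do not transmit
    DESTROY = "destroy"  # this device is at a restricted location: destroy the data


@dataclass
class Packet:
    payload: bytes
    restriction_tag: str  # header field carrying the restrictive routing information


class LocationServer:
    """Centralized database of connection point ID -> surveyed physical location."""

    def __init__(self, connection_points: dict):
        self._points = {cp: tuple(loc) for cp, loc in connection_points.items()}

    def locate(self, connection_point_id: str) -> Location:
        return self._points[connection_point_id]


class NetworkDevice:
    def __init__(self, name: str, connection_point_id: str, server: LocationServer):
        self.name = name
        # Location is taken from the infrastructure's database, never self-declared.
        self.location = server.locate(connection_point_id)

    def handle(self, pkt: Packet, next_hop: Optional["NetworkDevice"]) -> Action:
        if not location_allowed(pkt.restriction_tag, self.location):
            pkt.payload = b""  # destroy: the data must not persist at this location
            return Action.DESTROY
        if next_hop is not None and not location_allowed(pkt.restriction_tag, next_hop.location):
            return Action.DROP
        return Action.FORWARD


def client_may_access(pkt: Packet, client_location: Location) -> bool:
    """Endpoint check: reading or opening the data is denied outside the permitted area."""
    return location_allowed(pkt.restriction_tag, client_location)


def demo() -> dict:
    # Constructed sample: jack IDs and the locations they were surveyed at.
    server = LocationServer({
        "jack-160b": ("HQ", "2", "accounting"),
        "jack-160c": ("HQ", "2", "accounting"),
        "jack-160d": ("HQ", "1", "lobby"),
        "jack-160e": ("HQ", "3", "engineering"),
    })
    acct_switch = NetworkDevice("114a", "jack-160b", server)
    acct_core = NetworkDevice("136", "jack-160c", server)
    lobby_switch = NetworkDevice("114b", "jack-160d", server)
    eng_switch = NetworkDevice("114c", "jack-160e", server)

    tag = "permit=HQ/2/accounting;deny=HQ/1"  # accounting data stays in its offices
    return {
        "within_dept": acct_switch.handle(Packet(b"ledger", tag), acct_core),
        "to_lobby": acct_switch.handle(Packet(b"ledger", tag), lobby_switch),
        "to_engineering": acct_switch.handle(Packet(b"ledger", tag), eng_switch),
        "arrived_in_lobby": lobby_switch.handle(Packet(b"ledger", tag), None),
        "client_in_dept": client_may_access(Packet(b"ledger", tag), ("HQ", "2", "accounting")),
        "client_in_eng": client_may_access(Packet(b"ledger", tag), ("HQ", "3", "engineering")),
        "deny_only": eng_switch.handle(Packet(b"memo", "deny=HQ/1"), acct_switch),  # deny-only tag
    }
```

The `to_engineering` case shows the difference between the two tag forms: a location that is not prohibited is still refused when a permit list is present and does not cover it.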

[0040] System 100 is also able to provide other services and applications that employ the location information. For example, system 100 can use the location information in emergency situations, where a device may be an alarm or sensor. System 100 determines the location of the alarm device and transmits the location information to a party responding to the alarm. System 100 can also use location information to recover a stolen user device 104. As the stolen user device 104 accesses the network, system 100 determines the location of the stolen device and transmits the location information to a party seeking to locate the device. System 100 can track mobile user devices (e.g., 104 b) and thus can also track anything associated with that user device (e.g., the user, a file, a physical object, and the like). System 100, through the use of location information, can provide these and other services and applications. The sections below provide more detailed examples of the devices and techniques described in the above overview.

[0041] 2.0 Locating Devices Overview (FIGS. 1, 2, and 3)

[0042] In determining the location of a device, system 100 employs one or more of a number of mechanisms/techniques so that location information can be verified and trusted by system 100. One general characteristic of these mechanisms is that devices or applications within infrastructure 101 do not necessarily trust devices outside infrastructure 101, even if those outside devices declare that they are at certain locations. That is, the determination of the location of a device is preferably based on information that is obtained directly by system 100 using network infrastructure 101, rather than supplied by a device itself. System 100 uses various approaches to obtain information to use when determining the location of a device communicating with the network, with some specific approaches being applicable to cable-based or wireless transmission media.

[0043] In general overview, for wireless devices (e.g., devices communicating via a wireless transmission medium), system 100 maintains information that is used to locate the devices based on the characteristics of wireless communication between typically multiple devices (e.g., 120 a and 120 b) in network infrastructure 101 and a wireless user device (e.g., 104 b). Generally this approach is referred to as triangulation, with the understanding that this includes all varieties of remote location determination and approximation including those based on variations in time delay, signal strength, and directionality of signals based on the location of a wireless device, and including both analytical or model-based approaches as well as approaches that are based on prior measurement and recording of transmission and propagation characteristics at various locations.

[0044] For devices connected via cable, system 100 maintains information that characterizes the locations of the cable connection points, for example in a location database stored in location module 185. Such a database is populated and maintained in a variety of ways. For example, once network infrastructure 101 has been physically arranged, a survey of all the cable connection points can be undertaken to record the physical location corresponding to each cable connection point 160 and its corresponding connection port in network infrastructure 101. Then, as a device or the network infrastructure identifies a cable connection point 160 to which the device is connected, system 100 uses the location database to determine the location corresponding to the identified connection point. The connection points are identified using a unique connection point ID. The value of the connection point ID can be, for example, a number, a text string, or a combination of infrastructure pertinent information.

[0045] After determining the location of a device using one of these techniques, in one example system 100 maintains the location information centrally on the location server 134 in the location database in location module 185 a. In the case of wireless devices, system 100 dynamically modifies the location of the device stored in the location database as the device moves. System 100 can track the user device itself, and/or the closest network entry device (e.g., 114) through which the wireless user device communicates. With the devices that communicate via a cable, system 100 updates the location database if and when a device is moved from one cable connection point (e.g., wall jack) to another. The devices communicate the location information to each other using a protocol at layer 2 (the data-link layer) or layer 3 (the network layer) of the Open Systems Interconnection (OSI) communication model. For example, the devices communicate with each other using IP version 4. Other layers and protocols can also be used. Additional and alternative mechanisms for locating devices are described further below in the alternatives section.

[0046] 2.1 Techniques for Determining Location of Connection Points (FIG. 1)

[0047] Following below are examples of more detailed mechanisms/techniques to determine the location of the connection points, thus determining the location of the devices employing those connection points. The detailed descriptions of various mechanisms are divided into those mechanisms most applicable to wireless connections (i.e., connections using a wireless transmission medium) and those mechanisms most applicable to cable connections (i.e., connections using a cable-based transmission medium), although in general, mechanisms may be applicable to both types of connections. There can be examples when the mechanisms can be applicable to other types of connections (e.g., mechanisms for cable connections can be applicable for wireless connections).

[0048] 2.1.1 Wireless Connections (FIG. 1)

[0049] Referring now to some detailed techniques for wireless connections, as described above, two example types of wireless communication chosen to illustrate these techniques are via radio frequencies or infrared frequencies. System 100 can employ different mechanisms for each of these types of communication. System 100 can employ a first group of mechanisms/techniques for identifying the location of a device (e.g., 104, 114) that communicates via radio frequencies. For example, system 100 triangulates the location of a device using one or more wireless access points, such as 120 a-b, associated with network entry devices 114, such as 114 a and 114 b, respectively, as shown in FIG. 1. As another example, system 100 determines a device's location based on the proximity to an entry device. Following below is a listing of various techniques system 100 can employ to determine the location of a wireless device.

[0050] System 100 can employ a number of known triangulation techniques, including the use of signal strength, angle of arrival, and relative time delay approaches. System 100 can employ off-frequency searching, such as by frequency hopping for short periods of time to detect stations on frequencies alternate to that employed for data exchange. For example, wireless access point 120 a can operate at a first frequency f1. Wireless access point 120 b can operate at a second frequency f2. Periodically, and for a relatively short period of time, wireless access point 120 a operates at the second frequency f2 to detect and determine signal characteristics of a device communicating with wireless access point 120 b. Similarly, wireless access point 120 b periodically and for a relatively short period of time operates at the first frequency f1 to detect and determine signal characteristics of a device communicating with wireless access point 120 a.

[0051] System 100 can employ phased-array searches for lobe-based triangulation. That is, a radio antenna of the network entry device is directed to maximize or at least optimize lobe location as a search beacon. Such lobeing or lobe steering may be a staged process in which network entry devices 114 make broad sweeps to get rough location information, which may be sufficient in some situations. Network entry devices 114 can fine-tune the sweeps, if desired, with narrower lobes, to get a more accurate location. System 100 also can conduct phased-array antenna searches at off-frequency conditions (e.g., frequency hopping combined with directional searching).

[0052] System 100 can perform calculations to approximate distance from a known access point (e.g., 120 a-b) as a function of signal strength attenuation (e.g., the signal is at x strength so the device must be located in a range of y-z feet away). In addition to calculations, system 100 can also search stored associations of signal characteristics and their corresponding locations. This information can be stored in a signal characteristic database. A network administrator generates this signal characteristic database by measuring predefined signal characteristics at different locations and storing the measured characteristics for each of the locations. When subsequently determining a location of a user device, if system 100 detects a signal characteristic identically corresponding to a location, system 100 determines that the user device is at that corresponding location. If the signal characteristic is not identical, system 100 can use multiple entries within the database to extrapolate the user device location information based on the stored signal characteristic and location associations. This technique is sometimes referred to as RF training.
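
An added example of the RF-training lookup just described (written for this page; not the patent's own algorithm): a signal characteristic database that returns the stored location on an identical match and otherwise blends the nearest stored entries by inverse distance in signal space, attaching a level-of-trust value that falls as the mismatch grows. The RSSI values, the (x, y) coordinates in feet, the access point names 120a/120b, and the trust scale are constructed assumptions.

```python
import math

# Constructed sample survey: received signal strength (dBm) at access points
# 120a and 120b, measured by an administrator at known (x, y) positions in feet.
TRAINING_SURVEY = [
    ({"120a": -40.0, "120b": -80.0}, (0.0, 0.0)),
    ({"120a": -80.0, "120b": -40.0}, (100.0, 0.0)),
    ({"120a": -55.0, "120b": -55.0}, (50.0, 40.0)),
]


class SignalCharacteristicDB:
    """Stored associations of measured signal characteristics with locations."""

    def __init__(self):
        self._entries = []  # list of (signature dict, (x, y))

    def record(self, signature: dict, location: tuple) -> None:
        """Administrator step: store a measured characteristic for a surveyed location."""
        self._entries.append((dict(signature), tuple(location)))

    @staticmethod
    def distance(a: dict, b: dict) -> float:
        """Euclidean distance in signal space. An access point missing from one
        sample counts as a very weak -100 dBm reading rather than being ignored."""
        keys = set(a) | set(b)
        return math.sqrt(sum((a.get(k, -100.0) - b.get(k, -100.0)) ** 2 for k in keys))

    def locate(self, observed: dict, k: int = 2) -> tuple:
        """Return ((x, y), trust). An identical characteristic gives the stored
        location with trust 1.0; otherwise the k nearest entries are blended with
        inverse-distance weights and trust falls off with the closest mismatch."""
        if not self._entries:
            raise LookupError("signal characteristic database is empty")
        ranked = sorted(
            ((self.distance(observed, sig), loc) for sig, loc in self._entries),
            key=lambda pair: pair[0],
        )
        best_dist, best_loc = ranked[0]
        if best_dist == 0.0:
            return best_loc, 1.0
        nearest = ranked[:k]
        weights = [1.0 / d for d, _ in nearest]
        total = sum(weights)
        x = sum(w * loc[0] for w, (_, loc) in zip(weights, nearest)) / total
        y = sum(w * loc[1] for w, (_, loc) in zip(weights, nearest)) / total
        # Level-of-trust parameter (assumed scale): a 10 dB mismatch halves the trust.
        trust = 1.0 / (1.0 + best_dist / 10.0)
        return (round(x, 1), round(y, 1)), round(trust, 2)


def build_db(survey=TRAINING_SURVEY) -> SignalCharacteristicDB:
    db = SignalCharacteristicDB()
    for signature, location in survey:
        db.record(signature, location)
    return db
```

With the sample survey, an observation of -70/-50 dBm falls between the second and third entries and resolves to roughly (76, 19) with a trust value well below 1, whereas an exact replay of a surveyed reading returns that survey point with trust 1.0.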

[0053] Using multiple frequencies and/or connection points and/or antennas may improve the accuracy of location derivation techniques. For example, if the same access point is used at different frequencies, system 100 can use the error in location information among the different frequencies to infer location more accurately. In addition, the use of multiple access points (e.g., signals from user device 104 b received at 120 a compared with signals received at 120 b) may improve relative location accuracy in a type of triangulation or averaging of signal strength indicators. System 100 can employ multiple antennas for that purpose. Multiple antennas (not shown) may also be used to assert a line of bearing. In that case, the relative separation of the antennas and the accuracy of the known spacing both may provide improved location accuracy. System 100 also can employ ultra wide band waves to determine relative location of one or more devices. As the accuracy of the location derivation increases by using these improved techniques, system 100 can assign a higher value for the level of trust parameter associated with that location.

[0054] System 100 also can use signal amplitude differential from the network entry devices 114 a and 114 b to determine relative location of user device 104 b with respect to an antenna on network entry device 114 a or 114 b. System 100 can combine techniques, such as using signal amplitude differential combined with the phase differential techniques described above to determine location. The location techniques described are not limited to any specific type of antenna technology. System 100 can employ an antenna associated with a wireless access point 120, or an antenna associated with a stand-alone device, including, but not limited to, a personal digital assistant or a laptop computer, designed to relay information to a network-related device employed to calculate relative location from received data. One or more antennas can be deployed in one or more wireless access points 120. System 100 can also vary and limit the transmission strength of the wireless access points 120, so that system 100 can determine and control a radius of relative location based on the radius of operation due to the limited transmission strength. This relative location can be further limited from the radius of operation by other physical barriers such as walls and non-accessible locations within the radius of operation.

[0055] System 100 also can employ a second group of mechanisms for identifying the location of a wireless device (e.g., 104, 114) that communicates via optical technology, such as infrared light waves and lasers. More specifically, the use of an infrared transmitter and receiver can limit the actual distance user device 104 b can be from a network entry device 114 a or 114 b, similar to the limited transmission strength above. Thus, system 100 determines a relative position of user device 104 b using that maximum distance limit as a radial boundary from network entry device 114 a or 114 b. Further, a line-of-sight requirement for infrared can limit the boundaries further, although reflective devices can be used to alter such limitations, so a boundary derived from line of sight alone should not be treated as tamper-proof. As described above, system 100 can use physical barriers, such as walls, to limit the determined boundaries of the allowable locations of the infrared device.

[0056] System 100 uses the techniques above for radio and infrared communications to determine the location of a wireless device. As described in more detail below, system 100 may use the above techniques to determine the absolute location of wireless user device 104 b itself, or use the above techniques to determine a relative location, determining whether wireless user device 104 b is closer to wireless access point 120 a or 120 b and using other known parameters, such as transmitter strength and physical barriers. The location information gathered by system 100 (e.g., via access points 120 a and 120 b) using the above techniques may be considered trusted information if the network-controlled devices (e.g., access points 120 a and 120 b) collecting the information are trustworthy. The devices are considered trustworthy if, for example, they are part of infrastructure 101 and cannot be accessed, moved, and/or modified by anyone except authorized network administrators. Instead of receiving a location from a wireless device and relying on that received information as accurate, system 100 verifies the location of a device itself using one or more of the above techniques. Determining location information for an authenticated user by trustworthy devices (e.g., a device within infrastructure 101 that cannot be altered) enables system 100 to assign to the location information a higher value for the level of trust and enables greater security in the permitted access to system 100, as described in more detail below.

[0057] 2.1.2 Cable Connections (FIG. 1)

[0058] Referring now to some detailed techniques/mechanisms to determine a location of a device using cable connections, system 100 can search locations of connection points previously stored in a location database and/or system 100 can use characteristics of signal propagation through a cable-based transmission medium. In one example, system 100 searches a location database to find the location of a connection point to which a device is connected. The database is located in location module 185 of location server 134. As described below, system 100 assigns a unique identifier to each connection point 160. When a device connects to system 100, system 100 determines the unique identifier of the cable connection point to which that device is connected. System 100 searches the location database to find the connection point with that unique identifier and uses the location that corresponds to that connection point. To use this technique, the location database is populated when the cable connection points are installed and/or when the connection points are first used.

[0059] The process to generate the database can be manual and/or automated. In an example of a manual process, a network administrator enters the unique identifier for each connection point and its corresponding location in the location database. For example, the network administrator uses a map (e.g., floor plan, office layout, and the like) to determine the location information of each of the installed connection points. The location information obtained from the map and entered into the location database can include coordinates of the connection point (e.g., lat 42°, long 48°), a string description of the connection point (e.g., room ten, first floor, building one) and the like.

[0060] In an example of an automated process, system 100 uses user device 104 with its own location determining system (e.g., GPS) to provide system 100 with location information as user device 104 is connected at each connection point 160. The system 100 can employ a trusted user device (e.g., a user device with no/low probability of providing false location information or always under control of a network administrator) or an untrusted user device (e.g., a device not under the control of the network administrator).

[0061] With an untrusted user device, system 100 can attempt to independently verify the location information received from the untrusted device. For example, if the untrusted device can use both cable-based and wireless transmission media (e.g., a laptop with a network card and a wireless transmitter or infrared port), system 100 can use one or more of the wireless techniques above to verify the location of the device while the device communicates using a cable connection point. System 100 can also use one or more of the signal characteristic techniques below to verify the location of the device while the device communicates using a cable connection point.

[0062] With a trusted user device with its own location determining system, as system 100 determines the connection point to which the trusted user device is connected and receives the location determined by that trusted user device, system 100 adds an association of the connection point and its corresponding location to the location database. When the trusted user device connects to additional connection points, system 100 populates the location database further until all connection points have corresponding locations. In the association, system 100 can use a unique identifier to identify each of the connection points.

[0063] In another example of an automated process, system 100 employs a trusted user device 104 with its own location determining system that can work in the absence of GPS data. System 100 employs a user device with standards-based LAN connectivity capabilities. The user device is capable of determining an absolute 3-dimensional position via GPS and also has the capability, likely via an inertial navigation system, to determine its absolute position in the absence of GPS data. An inertial navigation system may be preferred because GPS uses very low power transmissions from the satellites, and reception indoors or even outdoors in heavily developed areas may be poor or non-existent. If system 100 provides a start or reference position to an inertial based system, that system can maintain accurate 3-dimensional location data with no external information, at least until inertial drift accumulates, so the reference position should be refreshed periodically. In addition to the starting position, system 100 can provide a security feature to the user device to ensure that its location information is trustworthy. This can include, for example, keys and laser techniques. The user device calculates absolute position information, and has the capability to format that information for IP transport over a LAN via its LAN interface. An operator can go to a port providing access to the LAN, connect the trusted user device to that port, and command that the current location information derived by the user device be sent to the location database in the location server 134. Upon receipt of that information, system 100 updates the location information in its location database for that connection point.

[0064] In another example, as described in more detail in the alternatives section, a trusted third party can act as an agent to provide the location of connection point 160 a. For example, if the connection point 160 is a telephone jack in a user's home, the corresponding telephone number can be used as a connection point ID. The telephone company can act as a trusted agent and provide a location (e.g., residential address) of that connection point. System 100 assigns a value for the level of trust parameter associated with that location information based on the trustworthiness of the source, as described below. The more system 100 trusts the third party agent, for example the phone company, the higher level of trust system 100 associates with the provided location information.

[0065] As an alternative or in addition to the predefined database, system 100 can use characteristics of signal propagation through a cable-based transmission medium to determine the location of a device. More specifically, system 100 can use a characteristic of a signal that varies with the length of the cable-based transmission medium (e.g., time delay, time-domain reflectometry (TDR) techniques, signal attenuation, round-trip delay and the like) to determine the length of cable through which the signal is traveling. For a connection point, system 100 measures the particular signal characteristic and, based on that measurement, system 100 determines the length of the cable. As described above for wireless connections, system 100 employs a lookup table, database, and/or function that relates the characteristic measurement to a location for cable connections also. Collection of the signal characteristic data (e.g., round-trip training for cable-based media) can be performed at the same time connection points 160 are being mapped with a trusted GPS, as described above, so that location is not based solely on estimating delay.

[0066] For example, a signal characteristic database contains the association that a measured time delay of a signal corresponds to a specific length of cable from the network entry device 114 a. System 100 determines a relative position of user device 104 a using that determined cable length as a maximum distance from connection point 160 a by accounting for (e.g., subtracting) the length of cable 112 included in the infrastructure. Further, as described above, system 100 can use physical barriers, such as cable runs and walls, to limit the determined boundaries of the allowable locations of the user device 104 a. This technique is useful in determining whether user device 104 a is connected to connection point 160 a using a long length of cable, thus allowing user device 104 a to be located a substantial distance away from the connection point 160 a (e.g., in a different, and perhaps unauthorized, room). For example, system 100 determines, using signal characteristics as described above, that there is 10 feet of cable between user device 104 a and network entry device 114 a. System 100 has information that the cable length from connection point 160 a to 114 a is 7 feet and is fixed (i.e., runs through a wall and cannot be modified). Using this combined information, system 100 determines that the length of cable from connection point 160 a to user device 104 a is 3 feet and so the user device 104 a is confined to the room in which connection point 160 a is located.

[0067] The use of signal characteristics also enables system 100 to determine which connection point a user device 104 is connected to for cables with multiple connection points (e.g., 104 i and 104 j, FIG. 8). For example, system 100 can use a calculated cable length to determine which of the connection points the user device is within the range of the cable length. Once a connection point is identified, system 100 can obtain its location via the location database and then determine the location of the user device 104. It may be the case that system 100 identifies multiple connection points within the range of the cable length. In some instances, this may still be enough to authenticate the location, as described in more detail below. For example, the cable length may indicate that the user device is connected to one of the connection points in conference rooms 1-5 on the second floor. All of the conference rooms, however, are in permitted locations for the requested network resources, so this granularity and precision is acceptable for authentication in this case.
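The cable-length reasoning of [0065] through [0067] carried through in code, as an added example that is not part of the patent text: converting a measured round-trip delay to a cable length, subtracting the fixed infrastructure run as in the 10-foot/7-foot example of [0066], narrowing a shared run to the jacks the length could reach, and accepting a coarse answer only when every candidate jack is in a permitted location. Assumed, not from the page: the measured characteristic is a round-trip delay in nanoseconds, the cable's velocity factor is 0.69 of the speed of light (a typical twisted-pair value), a user's own patch cable is at most 5 metres, and a measurement tolerance of 0.5 metres.

```python
"""Cable-length based location for cable connection points, written as an added
example for the techniques of [0065]-[0067].

Assumptions not in the page: the measured characteristic is a round-trip delay in
nanoseconds, the cable's velocity factor is 0.69 of c (typical for twisted pair),
and a user device's own patch cable is at most MAX_DROP_M long.
"""
from __future__ import annotations

from dataclasses import dataclass

C_M_PER_NS = 0.299792458         # speed of light in metres per nanosecond
DEFAULT_VELOCITY_FACTOR = 0.69   # assumed, twisted-pair cable
MAX_DROP_M = 5.0                 # assumed longest patch cable from jack to user device


def cable_length_m(round_trip_ns: float, velocity_factor: float = DEFAULT_VELOCITY_FACTOR) -> float:
    """Total cable between the measuring network entry device and the user device.
    The round-trip delay covers two traversals, hence the division by two."""
    return round_trip_ns * velocity_factor * C_M_PER_NS / 2.0


@dataclass(frozen=True)
class ConnectionPoint:
    cp_id: str
    location: str         # string-description form, e.g. "conference room 1, second floor"
    infra_cable_m: float  # fixed run from the network entry device to this jack (through walls)


def drop_beyond_jack_m(total_cable_m: float, cp: ConnectionPoint) -> float:
    """The subtraction of [0066]: cable the user added between the jack and the device."""
    return total_cable_m - cp.infra_cable_m


def candidate_connection_points(total_cable_m, cps, tolerance_m=0.5, max_drop_m=MAX_DROP_M):
    """[0067]: on a run with several jacks, keep every jack the measured length could reach.
    The drop beyond the jack must be non-negative (within measurement tolerance) and no
    longer than a plausible patch cable."""
    candidates = []
    for cp in cps:
        drop = drop_beyond_jack_m(total_cable_m, cp)
        if -tolerance_m <= drop <= max_drop_m:
            candidates.append(cp)
    return candidates


def location_acceptable(candidates, permitted_locations) -> bool:
    """Coarse location is good enough only when every candidate jack is in a permitted
    location; one candidate outside the permitted set, or no candidate at all, fails."""
    return bool(candidates) and all(cp.location in permitted_locations for cp in candidates)
```

The tolerance is the security-relevant knob: too generous and a device on a longer drop in the next room becomes a "candidate" in the permitted room; too tight and legitimate measurement noise produces an empty candidate list, which the last function correctly treats as a failure rather than a pass.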

[0068] 2.2 Location Information Database (FIG. 1)

[0069] As described above for both wireless and cable-based transmission media, system 100 maintains and updates the location information associated with the connection points (e.g., 160 a-i) of the system 100 in a location database. The information included in the location database can vary. For example, Table 1 is a table containing the type of information that can be included in the location database. As illustrated in Table 1, each row represents an association between a connection point and its corresponding location in one or more formats. The "Connection Point ID" column contains the unique identifier associated with a particular connection point. The connection point ID can be any ID that uniquely identifies a connection point. As described in more detail below and illustrated in Table 1, in one example the combination of a device Media Access Control (MAC) address (e.g., 00001d000001) and a port MAC address within the device (e.g., 00001d000101) determines the connection point ID. The locations contained in Table 1 are included in two format types for each connection point ID. The first type is an American National Standards Institute (ANSI) Location Identification Number (LIN) and the second type is a coordinate of latitude and longitude. (Some additional example formats system 100 can employ are described in the alternatives section below.)

[0070] The location information of Table 1 additionally includes the optional parameters "Level of Trust" and "Device ID". The level of trust, as explained in more detail below, is a parameter with a value in a predefined range, where the range represents the trustworthiness of the location reference. The level of trust generally corresponds with the trustworthiness of the source providing the location of the connection point. A higher level of trust value represents a higher level of confidence that the location reference is accurate, reliable and has neither been altered nor been generated falsely to gain normally unauthorized access. The device ID uniquely identifies the device that is connected to the connection point. The device ID information enables system 100 to store a map of the physical locations of all the network devices (e.g., 104, 114, 136). This is beneficial if there are devices associated with system 100 that are not configured to acquire and/or store their location information. System 100 can use this corresponding device information to enable location server 134 to transmit location information to a location-aware application since the device cannot transmit the location information itself. In other words, system 100 can act as a third-party verifier for applications requiring verified location information. Table 1 can include other information in addition or as an alternative to the device ID. For example, Table 1 can include MAC address, address, phone number, protocol type, asset ID, owner and/or the like.

TABLE 1

Connection Point ID         Location ID Type   Location Reference   Location ID Type   Location Ref.    Level of Trust   Device ID
00001d000001:00001d000101   ANSI LIN           xxxxxxxxxx1          Lat-Long           x1° by y1°       2,256            Model: ABC S/N: 123
00001d000001:00001d000102   ANSI LIN           xxxxxxxxxx2          Lat-Long           x2° by y2°       2,256            GUID: A82C3
00001d000001:00001d000103   ANSI LIN           xxxxxxxxxx3          Lat-Long           x3° by y3°       2,256
00001d000001:00001d000104   ANSI LIN           xxxxxxxxxx4          Lat-Long           x4° by y4°       2,256
00001d000001:00001d000105   ANSI LIN           xxxxxxxxxx5          Lat-Long           x5° by y5°       2,256
00001d000001:00001d000106   ANSI LIN           xxxxxxxxxx6          Lat-Long           x6° by y6°       2,256
00001d000001:00001d000107   ANSI LIN           xxxxxxxxxx7          Lat-Long           x7° by y7°       2,256
00001d000001:00001d000108   ANSI LIN           xxxxxxxxxx8          Lat-Long           x8° by y8°       2,256
00001d000001:00001d000109   ANSI LIN           xxxxxxxxxx9          Lat-Long           x9° by y9°       2,256
00001d000001:00001d000110   ANSI LIN           xxxxxxxxx10          Lat-Long           x10° by y10°     2,256

[0071] 2.3 Specific Examples of Locating Devices (FIGS. 1, 2, 3, and 8)

[0072] As described above, once the location database is established, system 100 can provide the location information to a device when that device connects to a connection point. This can include providing location information to devices outside of infrastructure 101 as well as devices within infrastructure 101. FIGS. 2 and 3 illustrate additional examples of system 100 locating devices. FIG. 2 broadly illustrates the steps system 100 performs, from discovering a device's connection to system 100 to allowing the device access to the network. FIG. 3 illustrates more specifically the steps system 100 performs to determine the location of the discovered device. In other words, FIG. 3 shows a portion of the steps of FIG. 2 in more detail.

[0073] FIG. 2 broadly illustrates an example of a sequence of steps system 100 performs, from discovering a device's connection to system 100 to allowing the device access to the network. Referring to the example location identification process 201 of FIG. 2, system 100 activates or otherwise discovers (step 210) a device destined for a network association, or a device already network associated. System 100 queries (step 215) the device for location information. That location information may be of absolute or relative type. If location information does not exist, system 100 queries (step 220) whether the device can identify its own location. If the location information does exist, or the device can provide a trustworthy location, system 100 establishes (step 230) the device location information. A location is trustworthy, for example, if the system 100 assigns a level of trust value for that location that is above a predefined threshold. The predefined threshold can vary depending on the network resources that the device requests. For example, sensitive information and applications require a much higher threshold than access to public information.

[0074] If the device cannot provide its own location information, or the location information is not associated with a level of trust acceptable to system 100 for the particular transaction requested, the location information is determined (step 225) independently of the device, by system 100 itself or a trusted third party agent. After determining (step 225) a trustworthy location, system 100 establishes (step 230) the device location information.

[0075] Whether system 100 can trust the location information from a device (e.g., associate a high enough level of trust value with the location) can depend on the source of that location information. For example, if the location information came from a secure device within infrastructure 101 not vulnerable to modification, system 100 can trust the location information and assign the location information a high level of trust value. If the location information came from a GPS and/or has been verified by a third party certificate with security features allowing for a low probability of providing a false location, system 100 can trust the location information, but with a lower level of trust value than if the location information came from system 100 itself. The range of level of trust values is described in more detail in the restricting access section below.

[0076] In one example where system 100 determines (step 225) the location of a device, thus assigning a high level of trust value to that location, the device receives connection information from a network entry device (e.g., 114 a, 114 b). The connection information includes information that the network entry device has, such as a network entry device identifier and a port number of the network entry device to which the connection point is connected. The device transmits the received connection information, or a portion thereof, to system 100, or more specifically, to a portion of the network maintaining the location information database (e.g., location server 134). Using the received information (e.g., network entry device identifier and port number), location server 134 determines the connection point to which the device is connected. Referring to the unique identifier of that connection point, which in one example could be the combination of the network device identifier and port number, location server 134 retrieves the location associated with that connection point. Location server 134 transmits to the device the location information associated with the connection point.

[0077] Continuing with process 201, system 100 optionally confirms (step 235) a predefined list of additional parameters, either through a database search or a table update. System 100 may employ that predefined list of parameters to define network access as described below. The predefined list of parameters may include, but is not limited to, the device port number of the connection, traffic activity and link information, MAC address, IP address, a timestamp, and activity staleness. Upon satisfaction by system 100 that the appropriate predefined list of parameters and device location information has been gathered (step 235), system 100 permits (step 240) network access. As described below, the location information may be used as a supplement to existing network usage control means, such as NOS, RADIUS, IEEE 802.1X, IEEE 802.1Q, firewalls, and QoS mechanisms. Further, system 100 continually polices against these mechanisms to ensure that network usage does not go beyond the bounds set by parameters defined within these mechanisms, including location restrictions for devices and/or data.

[0078] In general, in alternative sequences of steps, system 100 establishes a device location and a level of trust of that established location based on a combination of multiple inputs, including location information included in the device itself (e.g., step 215), location information identified by the device (e.g., step 220), and location information gathered independently of the device (e.g., step 225), without necessarily following the sequence shown in FIG. 2.

[0079] In addition, FIG. 2 shows a single sequence of steps to determine a location of a device and to act on that determined location. In general, this process, and other processes involving determining or verifying device locations that are described below, may be repeated while the device is connected to the network for any of a number of reasons of interest to the network administrator, including in the event of a detected attack, when new information about the device's location becomes available, periodically, or based on internal or external network events or other matters of network policy. This repetition of the process provides an ongoing policing function. For example, such a policing function can be used so that a device cannot be established at one physical location, and then moved to another physical location where its privileges may be different.

[0080] As introduced above, a wide variety of events may initiate the process of determining and validating the location of a device. These can include, but are not limited to: a timer expiring, a communication link being broken, a communication session terminating, a change in a user's credential, triggering of a firewall alarm, a new network device joining the network, prompting by a management station, detection of particular movement of a device, and detection of a shadow device (a shadow user or device of the network).

[0081] Referring to FIG. 3, example process 300 illustrates the steps system 100 performs to determine the location of the discovered device. For clarity and example only, some portions of example process 300 refer to a location server and a location client. A location server refers to a device of system 100 comprising functionality in location module 185 that enables that device to provide location information to another network device. This can include hardware and/or software applications for the storage of location information parameters, access to the storage devices containing values for parameters, algorithms and processes to determine the location of a device and other like functionality. Additionally, location module 185 of a location server may be further configured to provision operational configuration parameters based on the location of the network-attached device, as illustrated in the optional steps of FIG. 3. A location client refers to the device for which the location server is trying to determine location. The network entity of FIG. 3 represents an intermediary device that includes the access port through which the location client communicates.

[0082] Referring to FIG. 1, for an example where the location client is user device 104 a, the network entity of FIG. 3 is the network entry device 114 a, which has connection port 113 through which the user device 104 a communicates. For an example where the location client is network entry device 114 a, the network entity of FIG. 3 is the switching device 136, which has the connection port 165 through which device 114 a communicates. As these two examples illustrate, network entry device 114 a can act as both a location client and an intermediary device. In a distributed example described in the alternatives section below, network entry device 114 a also can act as a location server, thus combining the network entity and the location server of FIG. 3 into a single device.

[0083] Referring to process 300, the network entity (e.g., 114 a) transmits (step 305) connection information (e.g., in the form of data packets) to the location client (e.g., 104 a) that allows for the detection of a unique connection point ID. This connection information can represent the port to which the connection point is physically connected. The connection information can be in a format compliant with many different protocols. The location client receives (step 310) the connection information and determines (step 315) a connection point ID. For example, the location client can extract the connection point ID from one of the example packet types.

[0084] For illustration, a specific example employs the IEEE Spanning Tree Bridge Protocol Data Unit (BPDU). In an IEEE 802.1D Spanning Tree BPDU example, every switch port with spanning tree enabled will forward (step 305) a BPDU at regular intervals. A BPDU comprises the following information: (i) the primary MAC address of the transmitting switch (bridge ID); (ii) the identifier of the transmitting port (in this example, the MAC address of the switch port sending the BPDU); (iii) the unique bridge ID of the switch that the transmitting switch believes to be the root switch; and (iv) the cost of the path to the root from the transmitting port. The location client receives (step 310) the IEEE spanning tree BPDU and decodes the unique bridge ID and transmitting port ID as its connection point ID. Using that decoded information, the location client determines (step 315) that the connection point ID = {Bridge ID MAC Address} + {Transmitting Port ID}. Alternatively, the location client forwards these received parameters to the location server and the location server generates the connection point ID by combining the applicable parameters, as described in FIG. 2.
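Steps 310 and 315 of [0084] as a parser, written as an added example and not code from the patent. Two caveats a practitioner needs: the Port Identifier field of a standard 802.1D Configuration BPDU is 16 bits (a 4-bit priority and a 12-bit port number), not a MAC address, so this example forms the connection point ID from the bridge MAC and the port number; and a BPDU is unauthenticated, so a rogue switch on the client side of the jack can forge one. The example therefore refuses any bridge MAC that is not in an allowlist of infrastructure 101 switches, which is an assumed input, as is the sample BPDU the builder constructs.

```python
"""Connection point ID from an IEEE 802.1D Configuration BPDU, written as an added
example for steps 310 and 315 of process 300.

Caveat: the Port Identifier field of an 802.1D BPDU is 16 bits (4-bit priority plus a
12-bit port number), not a MAC address, so this example forms the connection point ID
from the bridge MAC and the port number. BPDUs are unauthenticated, so the derived ID is
accepted only when the bridge MAC is in a set of known infrastructure switches (assumed).
"""
from __future__ import annotations

import struct

# Configuration BPDU body, after the 802.2 LLC header (DSAP/SSAP 0x42): 35 bytes.
_CONFIG_BPDU = struct.Struct(
    "!H"    # Protocol Identifier (0)
    "B"     # Protocol Version Identifier
    "B"     # BPDU Type (0x00 configuration, 0x80 topology change notification)
    "B"     # Flags
    "H6s"   # Root Identifier: priority + MAC
    "I"     # Root Path Cost
    "H6s"   # Bridge Identifier: priority + MAC of the transmitting switch
    "H"     # Port Identifier: 4-bit priority, 12-bit port number
    "HHHH"  # Message Age, Max Age, Hello Time, Forward Delay (units of 1/256 s)
)
BPDU_TYPE_CONFIG = 0x00


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_config_bpdu(body: bytes) -> dict:
    """Step 310: decode the fields the location client needs. Raises on malformed input."""
    if len(body) < _CONFIG_BPDU.size:
        raise ValueError(f"BPDU too short: {len(body)} bytes")
    (proto, version, bpdu_type, _flags, root_prio, root_mac, root_cost,
     bridge_prio, bridge_mac, port_id, *_timers) = _CONFIG_BPDU.unpack_from(body)
    if proto != 0:
        raise ValueError(f"unexpected protocol identifier {proto:#06x}")
    if bpdu_type != BPDU_TYPE_CONFIG:
        raise ValueError("not a Configuration BPDU (a TCN BPDU carries no port identifier)")
    return {
        "version": version,
        "root_mac": _mac(root_mac), "root_priority": root_prio, "root_path_cost": root_cost,
        "bridge_mac": _mac(bridge_mac), "bridge_priority": bridge_prio,
        "port_priority": port_id >> 12, "port_number": port_id & 0x0FFF,
    }


def connection_point_id(bpdu: dict, known_bridges: set[str]) -> str:
    """Step 315: {bridge MAC}:{port number}, accepted only from a known infrastructure switch."""
    if bpdu["bridge_mac"] not in known_bridges:
        raise PermissionError(f"BPDU from unknown bridge {bpdu['bridge_mac']}; refusing to trust it")
    return f"{bpdu['bridge_mac'].replace(':', '')}:{bpdu['port_number']:04x}"


def build_config_bpdu(bridge_mac: bytes, port_number: int, root_mac: bytes | None = None) -> bytes:
    """Constructed sample BPDU for offline use; on a real network the body is read from the wire."""
    root_mac = root_mac or bridge_mac
    return _CONFIG_BPDU.pack(0, 0, BPDU_TYPE_CONFIG, 0, 0x8000, root_mac, 0,
                             0x8000, bridge_mac, (0x8 << 12) | port_number,
                             0, 20 * 256, 2 * 256, 15 * 256)
```

The allowlist check does not make a client-derived ID trustworthy on its own; as [0056] and [0075] put it, the high level of trust belongs to an ID the network entity observes on its own port, and the client's decoded value should at most be cross-checked against that.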

[0085] It can be seen that this approach may be applied to other discovery protocols and techniques, with modification dependent upon specific protocol formatting. Also, system 100 can employ other unique identifiers. For example and referring to FIG. 8, for user device 104 h, which is connected to system 100′ through a telephone network 132, system 100′ can employ a phone number to uniquely identify the connection point 160 k (e.g., phone jack) to which the user device 104 h is connected. Similarly, user device 104 g can be a personal computer connected to Internet 148 via a cable modem that has been assigned a unique IP address. System 100′ can employ this unique address, alone or in combination with an ISP identifier, to uniquely identify the connection point 160 l (e.g., a jack or the end of a cable for a cable modem) associated with user device 104 g.

[0086] In process 300, the location client transmits (step 320) the connection point ID to the location server. The location server determines (step 325) location information for the location client based on the connection point ID. The location information can be defined in a location database within the location server as described above or discovered from the network infrastructure 101′ using the techniques described above.

[0087] After determining (step 325) the location information, the location server transmits (step 330) the location information to the location client. If configured to do so, the location client stores (step 335) the location information for future reference. In addition to the location, the received data may include a corresponding level of trust value associated with the origination of the location information. The location information, and any additional information, may also be protected with a security feature. For example, the information may be encrypted with a temporary key associated only with the particular connection point to which the location client is connected.

[0088] To determine (step 325) location information, the location server employs a location database comprising connection point ID information and geographic information. An advanced location server can also act as a device registry and can map unique identifiers of the devices (e.g., 104, 114) to their corresponding connection point and geographic information, as illustrated in Table 1 above. As illustrated in FIG. 3, the location server can optionally store (step 340) the location information in a storage module on the network entity. In another example, the network entity storage module and the location database can be the same. Thus, more than just a topology, the location server stores and/or has access to information with the physical locations of the mapped devices.

[0089] Referring to process 300, the location client counts (step 320) a predefined amount of time and then resends (step 320) its connection point ID information to the location server, so that the location information is periodically re-checked for accuracy. The location server sends (step 330) the location information to the location client after referencing (step 325) the connection point ID that was previously sent by the location client. This periodic verification is one example of system 100 periodically policing location information, or in other words periodically verifying that the location client has not changed locations.

[0090] Also shown in process 300 are the optional steps 350 and 355, representing examples where the location server is expanded to provision and/or store information other than the location references in the location database. In this example, the location server obtains (step 350) configuration and/or provisioning information based on the connection point ID and transmits this additional information to the location client. Using this additional information, the location client can configure (step 355) itself in accord with this additional data, which is based on location. Similarly, although not shown, the network entity can also configure itself.

[0091] After system 100 authenticates the location information and optionally configures devices based on their location, system 100 continually polices the network at the edges of infrastructure 101 to ensure that policies regarding location information are enforced. The steps 365, 370, 375, and 380 of process 300 illustrate an example of edge policing by system 100. For example, when the location client requests (step 365) additional resources, the network entity (e.g., in the case of edge policing, network entry device 114) verifies (step 370), using any of the techniques described herein, that the location client is still at the same location as when the client was authenticated. If not, the location client is forced to repeat the authentication process at the new location. In response to a request for data, the location server, or another server and/or application on the network, transmits (step 375) the requested data to the location client via the network entity. As described in more detail below, the network entity determines whether there are any location restrictions on the data. If so, the network entity enforces (step 380) those location restrictions by, for example, not forwarding the data to the location client if the location client is at a prohibited location. As illustrated, the network entity polices both incoming requests and outgoing data in accordance with location based policies.
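The following is an added worked example, not part of this specification, illustrating steps 320 through 370 of process 300: a toy location server that resolves a connection point ID to a location record carrying a level of trust value and provisioning data, and a policing check that forces re-authentication when a client's connection point changes. The connection point IDs, location references, trust values, the re-verification interval and the record layout are assumptions made for the example.

```python
"""Added worked example (not part of this specification): a toy location server
that resolves a connection point ID to a location record carrying a level of
trust value and provisioning data, and a policing check that forces
re-authentication when a client's connection point changes. The connection
point IDs, location references, trust values and record layout are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class LocationRecord:
    location_ref: str   # e.g. an ANSI LIN, or a building/floor/room reference
    trust: int          # level of trust associated with the origination of the information
    config_file: str    # provisioning data keyed by the same connection point (step 350)


# Constructed location database keyed by connection point ID "<device ID>:<port ID>"
LOCATION_DB = {
    "00001d000001:00001d000101": LocationRecord("HQ/floor2/closet1", 3840, "closet1.cfg"),
    "00001d000001:00001d000102": LocationRecord("HQ/floor2/closet2", 3840, "closet2.cfg"),
    "00001d000009:00001d000301": LocationRecord("BranchA/lobby", 2256, "lobby.cfg"),
}


class LocationServer:
    def __init__(self, db, reverify_after=300):
        self.db = db
        self.reverify_after = reverify_after   # seconds between periodic resends (step 320)
        self.registry = {}                     # client ID -> (connection point ID, last verified)

    def resolve(self, cp_id):
        """Step 325: look the connection point ID up in the location database."""
        return self.db.get(cp_id)

    def register(self, client_id, cp_id, now):
        """Steps 320-340: record where the client is attached and return its location
        record (the step 330 location plus the step 350 provisioning data)."""
        rec = self.resolve(cp_id)
        if rec is None:
            raise LookupError("unknown connection point " + cp_id)
        self.registry[client_id] = (cp_id, now)
        return rec

    def police(self, client_id, cp_id_now, now):
        """Steps 365-370 (edge policing): on a new request, confirm the client is still
        at the connection point where it was authenticated. Returns 'ok', 'reauth'
        (the client moved and its registration is dropped), 'stale' (periodic
        verification is overdue) or 'unknown' (never registered)."""
        entry = self.registry.get(client_id)
        if entry is None:
            return "unknown"
        cp_id_then, verified_at = entry
        if cp_id_now != cp_id_then:
            del self.registry[client_id]   # force the full authentication process at the new location
            return "reauth"
        if now - verified_at > self.reverify_after:
            return "stale"                 # client must resend its connection point ID (step 320)
        self.registry[client_id] = (cp_id_then, now)
        return "ok"
```

The registry is keyed by client rather than by connection point so that a client reappearing on a different port is detected as a move rather than as a fresh registration; in a deployment the server would also attach the location record's level of trust to the response as described in paragraph [0087].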

[0092] 3.0 Network Operation Using Device Location (FIGS. 4, 5, 6, and 7)

[0093] As illustrated in the optional steps of FIG. 3, once system 100 determines the location of a device, system 100 can employ that location information to provide some automated operations. In other words, a network that is location-aware enables the utilization of information stored on a location client and/or in the location database to enhance the operation of the location-aware network. Because system 100 is able to learn the connection point to which any device is connected using the techniques above, system 100 can provide automated management based on the locations associated with those connection points. The operations and services that system 100 provides for automated management based on location information vary. Some techniques/mechanisms are described below in more detail.

[0094] 3.1 Provisioning and Configuring

[0095] One type of automated mechanism involves the provisioning and configuration of devices as they are added to system 100. When a device is added, system 100 determines the location of the added device and then, based on that location, determines, for example, what particular configuration file should be loaded into the device and what network priorities the device should be assigned, such as bandwidth, latency, QoS and other like network policies. This mechanism enables system 100 to enforce any of these policies based on the location of each device. The examples that follow illustrate how system 100 can expand data within the location database to include the provisioning and/or configuration data.

[0096] 3.1.1 Provisioning/Configuring Examples Using an Expanded Location Database

[0097] In one specific example of provisioning, a location server assigns location information and network specific configurations to Voice over IP (VoIP) handsets. The information is provisioned on the phone and includes, for example, a Virtual LAN (VLAN) ID, traffic prioritization at layer 2 or layer 3, and an E911 LIN. This simplifies the information on VoIP phones in branch offices, for example. The provisioned parameters are added to the location information in the location database of the location server. An expanded location database for VoIP phone environments can include the following information: VLAN membership of the voice entity, layer 2 priority mappings for voice payload/voice control/non-voice traffic, layer 3 class of service markings for voice payload/voice control/non-voice traffic, the location client's network layer address, ANSI LIN numbering, geographic location information including latitude, longitude, altitude and accuracy factor, the device microcode file to boot (e.g., a bootp server pointer), and/or other like parameters. Table 2 is a table containing an example of the type of information that can be included in an expanded location database that includes additional provisioning parameters for a VoIP network. In addition to the connection point ID and the location reference, the location database represented by Table 2 also includes a voice VLAN ID and a voice priority parameter. As described above, the location database also can include device ID data about a location client. In the VoIP example, these optional device ID parameters can include the handset extension number, the handset model number, the handset version, the handset network address, and/or the like.
TABLE 2

Entry  Connection Point ID         Location ID Type  Location Reference  Voice VLAN ID  Voice Priority  Device ID (optional)
 1     00001d000001:00001d000101   ANSI LIN          xxxxxxxxxx1         101            5               extension: 7082; model: 123
 2     00001d000001:00001d000102   ANSI LIN          xxxxxxxxxx2         101            5
 3     00001d000001:00001d000103   ANSI LIN          xxxxxxxxxx3         101            5
 4     00001d000001:00001d000104   ANSI LIN          xxxxxxxxxx4         101            5
 5     00001d000001:00001d000105   ANSI LIN          xxxxxxxxxx5         101            5
 6     00001d000001:00001d000106   ANSI LIN          xxxxxxxxxx6         101            5
 7     00001d000001:00001d000107   ANSI LIN          xxxxxxxxxx7         101            5
 8     00001d000001:00001d000108   ANSI LIN          xxxxxxxxxx8         101            5
 9     00001d000001:00001d000109   ANSI LIN          xxxxxxxxxx9         101            5
10     00001d000001:00001d000110   ANSI LIN          xxxxxxxxx10         101            5

[0098] In one specific example of configuring, a location server enables automated configuration of location clients, such as switches and routers. Often, network switches have to support complex configurations, and that complexity limits the ability of the switch to be moved around the network. If system 100 enables a network switch as a location client, it is possible to automate the configuration of the network switch. In this example, a network operator enters a wiring closet and simply plugs in a network switch that only contains its network layer address and the network layer address of the location server. After the network switch powers up, it detects (step 310 (FIG. 3)) its location, for example as described above, by analyzing an IEEE Spanning Tree BPDU to determine (step 315 (FIG. 3)) its connection point ID. Once the network switch determines (step 315 (FIG. 3)) its connection point ID, the network switch initiates (step 320) a conversation with location server 134. In this example, the location server references (step 350 (FIG. 3)) the connection point ID to a location database field which represents the base configuration file of any network switch that may connect to the network at that location. Table 3 is a table containing an example of the type of information that can be included in an expanded location database that includes additional configuration parameters to configure a network switch. In addition to the connection point ID and the location reference, the location database represented by Table 3 also includes a configuration file parameter identifying the configuration file to be used to configure a location client at that corresponding location.

TABLE 3

Entry  Connection Point ID         Location ID Type  Location Ref.   Configuration file
 1     00001d000001:00001d000101   Lat-Long          x1° by y1°      closet1.cfg
 2     00001d000001:00001d000102   Lat-Long          x2° by y2°      closet2.cfg
 3     00001d000001:00001d000103   Lat-Long          x3° by y3°      closet3.cfg
 4     00001d000001:00001d000104   Lat-Long          x4° by y4°      closet4.cfg
 5     00001d000001:00001d000105   Lat-Long          x5° by y5°      closet1.cfg
 6     00001d000001:00001d000106   Lat-Long          x6° by y6°      tftp:/1.1.1.1/closet15.cfg
 7     00001d000001:00001d000107   Lat-Long          x7° by y7°      closet1.cfg
 8     00001d000001:00001d000108   Lat-Long          x8° by y8°      http:/2.2.1.1/closet99.cfg
 9     00001d000001:00001d000109   Lat-Long          x9° by y9°      closet1.cfg
10     00001d000001:00001d000110   Lat-Long          x10° by y10°    ftp://3.3.3.3/config10.cfg

[0099] 3.2 Restrictions Based on Location (FIGS. 4, 5, and 6)

[0100] In addition to provisioning and configuring, the operations of system 100 can be restricted based on location. These restrictions can involve restrictions on the access and use of system 100. These restrictions also can involve the transmission of data around and through system 100. For an overview example relating to network access, the location information within a network enables authentication based on location. Location information allows system 100 to authenticate a user not only based on the credentials provided by the user, but also based on the location of the device used by the user to access the network. Dependent upon the device location, system 100 can allow or restrict access to certain devices, information, applications, signal exchange priorities, and the like. Further, even if a device and/or its user supplies to system 100 a claimed device location, system 100 can employ the techniques described herein to confirm the location independently from the device. This ensures that the device location comes from a trusted source (e.g., one assigned an acceptable value for the level of trust parameter) and can be used reliably.

[0101] For an overview example relating to data restrictions, system 100 can add one or more parameters to data associated with a network (e.g., a proprietary database) for restricted access as a function of the location of the device seeking the information, or a combination of user and location information. For example, system 100 may be programmed to deny access to corporate business information upon request from a network entry device, or coming through an intermediate device, that is located outside of a specified region. System 100 also can employ location information to effect a change in a file dependent upon the location of the device accessing that file. In particular, the file may include a lock-out indicator or a destruction indicator if an attempt is made to open it from outside a specified location. One example is sensitive corporate business information. If an attempt is made to access such information from what is otherwise an authenticated device, that information or file may nevertheless be destroyed if the authenticated device is not at a specified location or region. This feature can be seen as valuable in maintaining the security of files retained on or accessed by a device that is not in the possession of an authorized user. The examples that follow describe these overview examples in more detail.

[0102] 3.2.1 Restricting Access to Network (FIGS. 4 and 5)

[0103] As described in the overview example, location information allows system 100 to authenticate and restrict a user based on the location of the device used by the user to access the network. The location information can be added as an authentication attribute to typical authentication systems. Entry into and usage of a network is typically regulated using authentication systems such as Network Operating Systems (NOSs), Remote Authentication Dial-In User Service (RADIUS), described in IETF Request For Comment (RFC) 2138, and the IEEE 802.1X standard, which provides for port-based network access control based on a MAC identifier. In the case of NOS and RADIUS, an authentication server (e.g., 142 (FIG. 8)) provides the mechanism for establishing such authentication. In the case of IEEE 802.1X, the network entry devices 114 may be configured with such authentication capability, as described more fully in that standard. The IEEE 802.1Q standard provides another means for controlling access and usage of a network. That standard is directed to the establishment and operation of VLANs. The IEEE 802.1Q standard defines the configuration of network devices to permit packet reception at a configured port entry module. Firewalls (e.g., 140 (FIG. 8)) also provide a technique for network usage regulation. Firewalls are primarily computer programs designed to analyze packets and, from that analysis, make a determination as to whether packet transmission into or out of the network is permitted. Being location-aware, system 100 is able to combine the association of a device's physical location with any of these network access regulations as an attribute to assess permitted network access. For example, a VLAN policy template distributed to network devices to configure VLANs can be accompanied by a physical location constraint.

[0104] In general overview of the authentication process, a user device 104 connects to the network infrastructure 101 via a connection point 160. System 100 authenticates the device. System 100 receives the location of the device 104 from the device 104 itself and/or from infrastructure 101. System 100 receives user credentials and authenticates the user. During this authentication, system 100 verifies the location of device 104 employing the techniques described herein. If the user is authenticated and the location is both verified and authenticated for the requested network resources, system 100 proceeds in allowing device 104 to access the requested resources. System 100 can log each of these events for administrative use.

[0105] To describe this concept in more detail, the following example involves the use of an authentication server (e.g., 142 (FIG. 8)). In this example, the authentication server, utilizing various protocols such as RADIUS, TACACS+, Diameter, SecureID®, EAP/IEEE 802.1X and/or the like, includes the functionality of a location server. The authentication server/location server also includes a location database. The location database is expanded to support the ability to indicate whether the authentication server should consider location information when a user or network client tries to log in from a certain physical location.

[0106] For example, secure military and intelligence environments can require that certain physical locations be protected from unauthorized use of computing systems available in that secure location. Each computing system includes a location client that the computing system employs during the process of authenticating an individual user. The expanded location database may contain, for example, attributes such as "secure area" or "minimum security level" truth tables. When a user tries to authenticate, the authentication/location server employs the location of the user requesting authorization when validating credentials. The authentication/location server derives this information, for example, using a reference to a connection point ID as described above. If the user has a security clearance of a high enough level to authenticate from that location, the authentication process proceeds. If the user fails to meet the security level associated with that particular location, then the network can halt the authentication process, sound alarms and/or report the location of the unauthorized user.

[0107] In more detail, FIG. 4 illustrates an example process 401 that system 100 employs to determine whether any restrictions to access the network, based on location, are applicable. Specifically, in example location identification process 401 represented by FIG. 4, a user seeking access to system 100 can be first authenticated (step 405) or otherwise filtered by system 100. System 100 achieves this portion of the authorization process by requiring the end user at a location client device to supply certain user information including, but not limited to, a name and one or more passwords (e.g., the necessary user credentials). If the user is permitted access to system 100 on that basis (e.g., user name and password), system 100 permits the user to query (step 410) system 100 for access to certain information, applications, and the like. Alternatively or in addition, system 100 receives (step 415) the device location before allowing the requested access. A trusted user device (e.g., 104), a network infrastructure device (e.g., a network entry device 114) and/or a location server can supply the user device location using the techniques described herein.

[0108] With the received location information, system 100 authenticates (step 420) that the physical location of the client device is in a permitted and authorized location for access to the requested network resources. In one example, system 100 permits requested access from devices having pre-approved location identifying equipment, such as a trusted device that can identify the location of that client device. As described above, this can include a GPS receiver associated with the client device that system 100 has previously evaluated for trustworthiness (e.g., cannot provide a false location). This also can include a trusted device within network infrastructure 101 such as an authenticated router or switch, or a hardwired GPS receiver, that can provide location information using the techniques described above. The creation of the trusted device also may be a recursive function if the client device is located relative to the trusted device and the network or the network location resolution is built outwardly.

[0109] In general, system 100 performs an ongoing policing function, for example by repeating the process shown in FIG. 4 periodically, when new information becomes available, or when triggered by external events.

[0110] In another example, the system 100 employs a level of trust parameter to authenticate (step 420) the trustworthiness of the location information. The values for the level of trust parameter can vary, using a sufficiently large scale and range to allow for changes and growth. For example, using a sixteen bit word, system 100 can use a scale from 256 to 3,840, where 256 corresponds to the lowest level of trust and 3,840 corresponds to the highest level of trust. This range, because it does not use all sixteen bits, provides room for growth in the range as system 100 develops over time. Any levels in between the lowest and highest levels of trust represent a mixed level of trustworthiness, and system 100 determines whether it will employ location information with a mixed level dependent on the type of access the user requests (e.g., the results of the query (step 410)). A more sensitive application and/or information may require a trust level of 3,072 or greater, whereas a general application and/or information may require a trust level of 1,023 or greater. System 100 may allow a user to access public information regardless of the value of the level of trust. In other words, the level of trust value required to authenticate the location can vary depending on the types of resources to which the client requests access.

[0111] In one example, system 100 determines the level of trust of the location information based on the originator of the location information. If the location information originates from an internal routing device within infrastructure 101, without public access and under control of a network administrator, and the connection point is a jack in the wall with an attaching cable that cannot be altered without destroying the wall, the system 100 can assign the highest level of trust value of 3,840 (i.e., this example employs a scale of 256 to 3,840). In this case the probability that the location information will be incorrect or has been altered is very low or non-existent. If the location information originates from a wireless access point (e.g., 120 b) within the system 100 that determines the location of the user device using a technique described above, there is some trust because a wireless access point 120 is within the infrastructure 101 of the network. There is some possibility of signal manipulation, however, so system 100 assigns the location information a level of trust value of 2,256 because the probability of incorrect location information is relatively higher than in the jack in the wall example above. If the location information originates from the user device itself using a system that is allegedly tamperproof, or comes with a third party certification, system 100 can trust this slightly, but again is not sure of what can be done to manipulate signals, so system 100 assigns this a level of trust value of 1,023. If the location information originates from the device with little or no safeguards (e.g., using a built-in GPS with no tamper-proof technology), system 100 can assign the location information a level of trust value of 456 (e.g., trusts all GPS signals slightly) or 256 (e.g., no mechanisms to prevent signal tampering, so assign the lowest value).

[0112] With reference to FIG. 4, once system 100 has authenticated (step 405) the user and authenticated (step 420) the device location information, system 100 considers the access request. System 100 determines (step 425) whether the user has the proper credentials for the level of the requested service. To do this, system 100 compares the user credentials, the location information, and the conditions of the access requested (e.g., a request for a certain database of information, a request for a certain application, and the like) with any stored location restrictions. If system 100 determines (step 425) the user is authenticated for the particular request, system 100 determines (step 430) whether the device used by the user is in a location approved or otherwise permitted to receive the requested information, application, and the like. If both threshold questions (step 425 and step 430) are answered in the affirmative, system 100 permits the user to access, via the client device at the known location, the material requested. If either threshold question (step 425 and step 430) is answered in the negative, system 100 denies (step 440) the user access and can notify the network manager. In addition or as an alternative to denying access, system 100 also can entertain, honeypot, and/or otherwise disable and delay the requesting client to provide time for an administrator to take additional action, such as notifying authorities. In another example, system 100 bases access to the requested material solely on device location, and the optional steps of authenticating (step 405 and step 425) based on user identification information are not a pre-condition for access. As described above, system 100 can continually police location authentication by looping steps 415, 420, 425, 430, and 435, as indicated by arrow 440.

[0113] FIG. 5 represents another example authentication process 500. In the illustrated process 500, system 100 obtains (step 505) the location information for a client device. In this case, system 100 employs only the location of the device in determining the appropriate level of service. In another example, system 100 can also employ the user credentials (e.g., user name and password), in addition to the location, to determine the appropriate level of service. System 100 determines (step 510) whether the obtained location is verified. If system 100 determines (step 510) that the location is not verified, system 100 denies (step 515) access or restricts (step 515) access according to predefined policies (e.g., deny any access, or restrict access to only those devices, applications and data available to the general public regardless of location). If system 100 determines (step 510) that the location is verified, system 100 determines (step 520) whether the location is authenticated. If system 100 determines (step 520) that the location is not authenticated, system 100 determines (step 525) whether to accept the asserted location. If system 100 determines (step 525) not to accept the asserted location, system 100 denies/restricts (step 515) access according to predefined policies. If system 100 determines (step 525) to accept the asserted location, system 100 allows (step 530) access at selectable service levels, as described below, according to predefined policies.

[0114] If system 100 determines (step 520) that the location is authenticated, system 100 determines (step 535) whether the user location is authenticated at the level required. This can include, for example, having a minimum level of trust for the requested level of access. If system 100 determines (step 535) that the user location is not authenticated at the level required, system 100 allows (step 530) access at selectable service levels, as described below, according to predefined policies. If system 100 determines (step 535) that the user location is authenticated at the level required, system 100 allows (step 540) access at the authenticated level.

[0115] As described in conjunction with process 500, system 100 allows a user access to system 100 at selectable service levels, based on location information (e.g., step 530). Examples of selectable service levels include, but are not limited to: access denied; threshold access permitted regardless of device location; trusted user and device location verified but not authenticated, some restricted services permitted; general location verified (e.g., in a public area, airport, country, city, telephone area code or exchange) and some limited access permitted; verified ISP and user verified; verified ISP and user not verified, some limited access permitted; previously authenticated location, re-authentication required based on time intervals; authenticated location and user, permit all predefined permissions; and re-authentication required. Some of these levels can be combined to include additional service levels. For example, re-authentication may be required at any time for any reason including, but not limited to, topology changes, timeouts, untrusted network devices, location database changes, disconnected cables, or local or remote triggers from intrusion detection systems and firewall systems. System 100 can enforce such re-authentication policies, for example by using the edge policing described in FIG. 3. These service levels may correspond to the levels of trust described above (e.g., level of service dependent on a minimum value of the level of trust of the location information).
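The following is an added worked example, not part of this specification, covering paragraphs [0110] through [0115]: it assigns a level of trust value to location information according to its originator and maps the decisions of process 500 (FIG. 5) to a service level. The 256 to 3,840 scale, the per-originator values and the 1,023 and 3,072 thresholds are taken from the text; the originator names, the resource classes, the "public resources only" policy applied at step 515, and the result labels are assumptions made for the example.

```python
"""Added worked example (not part of this specification): assigning a level of
trust value to location information according to its originator, and mapping
the decisions of process 500 (FIG. 5) to a service level. The 256..3840 scale,
the per-originator values and the 1,023/3,072 thresholds come from the text;
the originator names, resource classes, step-515 policy and result labels
are assumptions."""
TRUST_MIN, TRUST_MAX = 256, 3840   # scale inside a 16-bit word, leaving room for growth

# Level of trust by originator of the location information (values from paragraph [0111])
ORIGINATOR_TRUST = {
    "internal_router_wall_jack":    3840,  # admin-controlled device, cable cannot be altered
    "wireless_access_point":        2256,  # inside the infrastructure, signal manipulation possible
    "client_certified_tamperproof": 1023,  # device-supplied, allegedly tamper-proof or certified
    "client_builtin_gps":            456,  # device-supplied GPS with no tamper-proof technology
    "client_unprotected":            256,  # no mechanism against signal tampering
}

# Minimum level of trust required per class of requested resource (paragraph [0110])
REQUIRED_TRUST = {"public": 0, "general": 1023, "sensitive": 3072}


def trust_for(originator):
    """Level of trust to attach to location information from this originator."""
    value = ORIGINATOR_TRUST[originator]
    if not TRUST_MIN <= value <= TRUST_MAX:
        raise ValueError("trust value outside the defined scale")
    return value


def decide(resource_class, verified, authenticated, trust, accept_asserted=False):
    """Process 500. 'verified' means system 100 confirmed the connection point
    independently of the client (step 510); 'authenticated' means the location
    information itself was authenticated (step 520); 'trust' is its level of
    trust value, compared with the required minimum at step 535.
    Returns 'denied', 'selectable' (step 530: service levels chosen by policy)
    or 'granted' (step 540, or public data regardless of location)."""
    required = REQUIRED_TRUST[resource_class]
    if not verified:
        # step 515: the predefined policy assumed here is "public resources only"
        return "granted" if required == 0 else "denied"
    if not authenticated:
        # step 525: accept the asserted location only if policy allows it
        if not accept_asserted:
            return "granted" if required == 0 else "denied"
        return "selectable"
    if trust >= required:
        return "granted"
    return "selectable"
```

Because the thresholds are per resource class, the same location report (for example a wireless access point at 2,256) grants general resources outright while leaving sensitive resources at a selectable, policy-defined service level; which of the levels listed in paragraph [0115] applies in that case is a deployment decision outside the decision function.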

[0116] Use of the above techniques enables system 100 to restrict access to data, applications, specific networked devices, data and network services, QoS (Quality of Service) levels, network tools, functionality, rules, and the like, based on the user and/or the location of the device associated with the user seeking access. Further to the techniques above, system 100 can employ the location information to effect a modification of the access requirements. For example, when a device seeks network access from a location deemed not to be inherently secure (e.g., a public facility like an airport), system 100 can prompt a user to initiate an improved connection, such as a virtual private network (VPN), or can inform the user that supplemental restrictions apply while in the insecure area. More generally, this can be seen as an expansion of policy-based access in that the access rules for an individual user may be adapted as a function of the client device location and/or the level of trust associated with the location information.

[0117] Further to the techniques described above, system 100 also can provide restricted access to the network based on the particular port connected to the connection point to which the location client is connected. In one example, system 100 employs the techniques above to determine the location of the connection point associated with that particular port, rather than assuming that a location supplied by the location client is correct. For that particular port, for which the location has been established and can be trusted, system 100 encodes transmitted data such that the port associated with the trusted location, and only that port, will accept the encoded data for transmission. If the user disassociates from that particular port, whether intentionally or unintentionally, he/she must re-authenticate.

[0118] In this example, system 100 performs the authentication and any re-authentication using an encryption key process. Specifically, an end user that system 100 has authenticated by user and by location is provided with an encryption key that is designed to work only on the port through which the key was supplied, and no other. That is, the key cannot be obtained and then used through a different port, which would be the case if the device used by the user were to move locations (e.g., change connection points). It is to be noted that the key may be tumbled, rotated, and the like. In one example, the network entry device has no knowledge of the specific key, but instead uses the port number/logical port number and one or more of a MAC address, an IP address, its own generated encryption key, and the like, to permit transmission. System 100 also can modify a data packet so that its receiver can determine both that the transmission came from the right user (e.g., based on the use of the right key) and that it was modified by an authenticated device (e.g., the location/authentication server) for that particular access port (e.g., 113 (FIG. 1)) of the network entry device (e.g., 114 a (FIG. 1)). In another example, there is three way keying. The client device, the port of the network entry device and the server providing the data each have their own associated keys. In this way, the server can verify that the data coming from the client is indeed coming through the port with the assigned key, for example by verifying signatures on the data from both the client and the authenticated port. In summary, the key is only good for that port which has been specifically established to authenticate that user at the authenticated location. In that way, system 100 can prevent a user from obtaining access, using a false allowable location, by denying port access when the end user's location has changed, even if the original encryption key for that allowable location has been acquired.
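The following is an added worked example, not part of this specification, illustrating the port-bound key and three way keying of paragraphs [0117] and [0118]. The per-port key is derived by the server from the network entry device ID, the port and the client MAC address, so the entry device need not store it; the entry device countersigns each message with its own key, and the data server checks both signatures. HMAC-SHA256 as the signature primitive, the secret values, identifiers and message layout are assumptions made for the example; a deployment would also bind the key to the authenticated session and rotate it as the text notes.

```python
"""Added worked example (not part of this specification): a port-bound credential
built as an HMAC over the access port identifier and the client MAC, and a
three way check in which the data server verifies both the client's and the
port's signatures. Secrets, identifiers and the message layout are constructed
for illustration."""
import hashlib
import hmac


def port_key(server_secret, entry_device_id, port, client_mac):
    """Key valid only on one access port of one network entry device. The entry
    device never stores it; the server recomputes it from (device, port, MAC)."""
    label = f"{entry_device_id}|{port}|{client_mac}".encode()
    return hmac.new(server_secret, label, hashlib.sha256).digest()


def client_sign(key, payload):
    """Client side: tag the request with the key it was issued at authentication."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def port_countersign(port_secret, entry_device_id, port, payload, client_tag):
    """Network entry device side: attest that this payload entered through this
    port, covering the client's tag so the two signatures cannot be recombined."""
    msg = f"{entry_device_id}|{port}".encode() + payload + client_tag
    return hmac.new(port_secret, msg, hashlib.sha256).digest()


def server_verify(server_secret, port_secret, entry_device_id, port, client_mac,
                  payload, client_tag, port_tag):
    """Data server side: the request is accepted only if the client's tag was made
    with the key bound to the port the entry device says it arrived on, and the
    entry device's countersignature is genuine."""
    expected_client = client_sign(port_key(server_secret, entry_device_id, port, client_mac), payload)
    if not hmac.compare_digest(expected_client, client_tag):
        return False   # key issued for another port, or client moved connection points
    expected_port = port_countersign(port_secret, entry_device_id, port, payload, client_tag)
    return hmac.compare_digest(expected_port, port_tag)
```

A key captured at port 113 is useless elsewhere: when the same client tag arrives through port 7, the entry device countersigns with port 7, the server recomputes the client key for port 7, and the client tag no longer matches, so the request is refused and the user must re-authenticate at the new location.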

[0119] 3.2.2 Restricting Location of Data (FIG. 6)

[0120] In addition to access control, system 100 can use location information to enforce restrictions regarding the transmission of data. As described in the overview example, location information allows system 100 to deny access to certain sensitive information upon request from a location client outside of a specified region, or to prohibit data from being transmitted through an intermediate device that is located outside of a specified region. FIG. 6 illustrates an example process 601 that system 100 employs to effect these data transmission restrictions. Specifically, in the example information tagging process 601 represented by FIG. 6, system 100 receives (step 605) a request from an end user for access to information (e.g., a file, document, and/or the like, generally, data). This assumes that the end user has been adequately authenticated or otherwise permitted access to the network, as described above. System 100 then determines (step 610) whether the requested data is location sensitive, that is, whether the data should not be moved beyond certain defined boundaries (e.g., a present device, a room, a building, a campus, a city, a country and the like). If system 100 determines (step 610) that the data is not location sensitive, system 100 permits (step 615) access to that data without restriction by location.

[0121] If system 100 determines (step 610) that the data is location sensitive, system 100 tags (step 620) the data. For example, the application generating the data and/or the server generating a data packet to transport the data over the network can add this tag while generating the data and/or packet. In one example, the tag comprises a file header that identifies location restrictions. The file header also can include a key. In some examples, an end user can request to add a tag to sensitive data such that it cannot be transmitted outside of a defined location (e.g., a home, a corner office, a courtroom, a hospital, a healthcare facility, and the like). The tag may be configured either to deny opening (step 620 a) of the transmitted data at an unauthorized location, or to destroy (step 620 b) the data when it is determined that the data is in an unauthorized location. The file header may itself be encoded or encrypted. Additionally, the data/file may be encrypted such that deletion of this special file header will either deny opening of the transmitted data or force the destruction of the data, regardless of location, so that stripping the header cannot be used as a way of removing the restriction.

[0122] A device within system 100 and/or the data itself determines (step 625) whether the data is outside the permitted location(s). If the data is not outside the permitted location(s), system 100 permits (step 615) access to the data. If the data is outside the permitted location(s), system 100 denies (step 630) access to and/or destroys (step 630) the data. If the data is going to be routed in the next hop to a location that is outside the permitted location(s), system 100 prohibits the data from being transmitted to that device outside of the permitted location(s). For example, system 100 can employ edge policing, as described with FIG. 3, where devices of infrastructure 101 police and enforce access by controlling whether or not the data is forwarded to a location client requesting the data. The data itself, or an application trying to access the data, can also police and enforce these restrictions by including executables that obtain the location, with an acceptable level of trust, of the device on which they execute and prohibit access if that location is a prohibited location. Enforcement by such an executable relies on the receiving device faithfully running it, whereas enforcement in infrastructure 101, which controls forwarding, does not.

[0123] System 100 can optionally be configured to provide additional security override controls to the end user to prevent destruction of the tagged data, or denial of access to the tagged data, if the user is located outside of the permitted area of access. In this case, system 100 polices access to the data and not necessarily where system 100 forwards the data. In this example, even if the data is outside the permitted location(s), system 100 determines (step 635) whether the tag can be overridden. If the tag can be overridden, system 100 permits (step 615) access to the data. In this case, the access (step 615) is limited access. For example, the user may be allowed to load the data onto a user device for transport, but the user cannot read or edit the data until the user device is located in a permitted location.
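Steps 605 through 635 of process 601, as an added worked example that is not part of this application. The header format, the hierarchical location strings, the master key, the trust threshold and the HMAC-based toy cipher are all assumptions made for the example; a deployment would use an authenticated cipher such as AES-GCM in place of the keystream shown. The data key is derived from the exact header bytes, so a header that is stripped or edited (for instance to add an allowed location) leaves data that can no longer be authenticated or opened, which is the property [0121] asks for.

```python
import hmac
import hashlib
import json
import os
from typing import List, Optional, Tuple

# Constructed master key held by the tagging server; the per-file key is derived from it.
MASTER_KEY = b"tagging-server-master-key-demo"


def _file_key(header_bytes: bytes) -> bytes:
    # Bind the data key to the exact header: a stripped or edited header yields a
    # different key, so the ciphertext can no longer be authenticated or read.
    return hmac.new(MASTER_KEY, header_bytes, hashlib.sha256).digest()


def _xor_keystream(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode) so the example runs on the
    # standard library alone; a deployment would use an AEAD such as AES-GCM.
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def _canonical(header: dict) -> bytes:
    return json.dumps(header, sort_keys=True, separators=(",", ":")).encode()


def _within(location: str, allowed: List[str]) -> bool:
    # Locations are hierarchical paths (e.g. campus/building/floor/room); an
    # allowed entry covers itself and everything beneath it.
    return any(location == a or location.startswith(a + "/") for a in allowed)


def tag_data(plaintext: bytes, allowed: List[str], mode: str, override: bool = False) -> dict:
    """Step 620: wrap location-sensitive data in a header carrying the restriction."""
    if mode not in ("deny", "destroy"):
        raise ValueError("mode must be 'deny' (620 a) or 'destroy' (620 b)")
    header = {"allowed": allowed, "mode": mode, "override": override,
              "nonce": os.urandom(8).hex()}
    hb = _canonical(header)
    key = _file_key(hb)
    ct = _xor_keystream(key, plaintext)
    return {"header": header, "ciphertext": ct,
            "mac": hmac.new(key, hb + ct, hashlib.sha256).digest()}


def open_data(obj: dict, device_location: Optional[str], location_trust: float,
              min_trust: float = 0.8) -> Tuple[str, Optional[bytes]]:
    """Steps 625-635 as run by the device holding the data. Returns (outcome, plaintext)."""
    header = obj.get("header")
    if header is None:
        return "denied:header-missing", None       # header stripped: cannot open anywhere
    hb = _canonical(header)
    key = _file_key(hb)
    expected = hmac.new(key, hb + obj["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, obj["mac"]):
        return "denied:header-tampered", None      # e.g. an allowed location was added
    # A location below the required trust level counts as unknown, i.e. outside.
    inside = (device_location is not None and location_trust >= min_trust
              and _within(device_location, header["allowed"]))
    if inside:
        return "permitted", _xor_keystream(key, obj["ciphertext"])
    if header["override"]:
        return "limited", None                     # step 635: may carry it, cannot read it
    if header["mode"] == "destroy":
        obj["ciphertext"], obj["mac"] = b"", b""   # step 630 with tag 620 b
        del obj["header"]
        return "destroyed", None
    return "denied:outside", None                  # step 630 with tag 620 a
```

The `location_trust` argument is where the level of trust established earlier in the application enters: a location the device cannot vouch for to the required degree is treated exactly like being outside the permitted region.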

[0124] 4.3 Providing Other Services (FIG. 7)

[0125] With a location-aware infrastructure, system 100 can employ trusted location information to provide other services in addition to those described above. For example, system 100 can use the location information in emergency situations, where a device may be an alarm or sensor. System 100 determines the location of the alarm device and transmits the location information to a party responding to the alarm. System 100 can also use location information to recover a stolen user device 104. As the stolen user device 104 accesses system 100, system 100 determines the location of the stolen device and transmits the location information to a party seeking to locate the device. System 100 can track mobile user devices (e.g., 104 b) and thus can also track anything associated with that user device (e.g., the user, a file, a physical object, and the like). System 100, through the use of location information, can provide these and other services and applications. The examples that follow illustrate how system 100 can employ location information to do so.

[0126] In one example, FIG. 7 illustrates a process 700 for establishing a security service in a network environment based on location information. In process 700, the client devices may be physical intrusion detection devices, smoke detectors, fire alarms, EMT devices, wireless panic buttons, and the like. These client devices are designed to signal an emergency event. Alternatively, the device may be any sort of network-connected device that is configured to transmit an alarm upon failure or imminent failure, or to transmit an alarm if a device connected to it fails. If the device includes a location module 185, location server 134 can provide and store that device's location information in the device itself.

[0127] In one example, an event triggers (step 705) a smoke detector on the 4th floor of the 5th building on the left side of the street. System 100, to which the triggered device is connected, either determines the device's location using the techniques described herein or queries (step 710) the triggered device's specific location information. System 100 directs the query to the device itself or to location server 134. System 100 receives (step 715) the location information, either as an absolute or a relative location. As described above, the location information may or may not be trustworthy. System 100 can verify the location information to make it trustworthy, or increase the level of trust required for the particular security service system 100 is providing. System 100 relays (step 720) that detailed location information to the appropriate authorities, potentially leading to greater response efficiency. A location client having a network association can be made more effective by linking the device's location information with that device's operation.

[0128] Another security service system 100 provides is protection of sensitive devices from theft. For example, if a laptop computer is stolen and the thief seeks to access system 100, system 100 evaluates the location information, whether obtained directly from that client or from the location server 134, when the end user accesses the network. When network entry is sought, the location of the requesting client is acquired. Assuming system 100 can determine that the particular location client has been stolen, system 100 supplies the location information to a suitable authority. To provide authorities enough time to get to the identified location, system 100 also can entertain, honeypot, and/or otherwise disable and delay the requesting location client. The location-aware system 100 thus can be used as an effective means to exchange accurate location information in relation to a security violation and, potentially, to neutralize effects associated with that violation.

[0129] Yet further, the location-based system 100 and the techniques described herein may be employed to regulate and/or accurately monitor the movement of individuals, equipment, packages, and the like, as they travel near and through network infrastructure 101. An electronic device (e.g., a user device) that communicates with system 100 is applied to a pass, a label, an asset tag, and the like. That device includes means to enable tracking of its location using, for example, the radio-based techniques described above. For example, all visitors to a secure facility are supplied with a visitor pass. That visitor pass includes a transceiver that is capable of communication with wireless access points (e.g., 120 b (FIG. 1)) of network infrastructure 101 positioned throughout the facility. These wireless access points can be configured such that as the tag/pass/visitor moves throughout the facility, network infrastructure 101 determines the visitor's location using the techniques described above. In addition, security guards can know whether any visitors remain in the facility at a planned closing time. This eliminates the need for the facility to maintain a separate tracking system with sensors. Instead of the separate tracking system, the same data network infrastructure 101 employed for network access also can be employed for tracking, by associating a location with each of the devices that communicate with network infrastructure 101.

[0130] These techniques enhance network security, enhance device security, likely improve emergency responsiveness, and may be employed to establish network-based organizational security. These and many other advantages are provided through the association of relevant network device and networked device location information with security, protection, and response efforts. System 100 can also provide other services based on location not described above. For example, system 100 can provide enhanced network topology discovery and mapping, with device map representations specific to their physical location; that is, system 100 can employ location information to prepare accurate maps that associate devices with their physical locations. System 100 also can provide device inventories by location, without the need to manually verify each device individually. As described above, the location database can be expanded to include device ID information along with the corresponding location information.

[0131] Further, system 100 can employ location information to check that network rules are followed (e.g., to detect when wiring designs are inaccurate and must be supplemented or changed). The location information can be of value to the LAN manager and, for example, to an Internet Service Provider (ISP) or a cable operator interested in knowing the locations of cable modems and phone line terminations.

[0132] System 100 also can provide information to a user that is relevant based on that user's current location. For example, a traveling end user may dial into the network, have the connecting device's location information acquired or supplied, and then be directed to hotels, restaurants, and the like, within a defined radius of the device's location and meeting any number of selectable criteria.

[0133] 5.0 Some Additional Examples (FIG. 8)

[0134] Referring to FIG. 8, system 100′ provides another example of a location-aware network and is described as an enterprise network that serves as a data communications network for a business organization or other type of enterprise. The enterprise operates the network according to various policies, which may include location-dependent aspects. For example, access-control policies may depend on the locations of devices accessing services on the network. In various configurations, system 100′ may include or make use of one or more LANs, MANs, WANs, PANs, and/or Ethernet in the First Mile (e.g., IEEE 802.3ah). In other examples of such a network, the physical and logical arrangement of the devices can differ from that shown in FIGS. 1 and 8.

[0135] System 100′ includes various types of devices. Some devices are network entry devices 114 c-j, generally 114, which provide access to an infrastructure 101′ of system 100′ to user devices 104 c-l, generally 104, or to external networks such as Internet 148 or telephone network 132. The portion of system 100′ excluding user devices 104 and external networks is referred to as network infrastructure 101′. This infrastructure 101′ includes devices for switching and routing data within system 100′, including one or more central switching devices 136′, and computers that provide services in support of access to and routing of data in system 100′, including an authentication server 142, an application server 134′, and other servers such as a domain name server (not shown). In addition, system 100′ includes devices such as a printer 122 and a fax machine 123, which have some characteristics of both user devices and network infrastructure devices.

[0136] Network entry devices 114 provide access to network infrastructure 101′ over various types of transmission media, including cable-based or wireless. The cable-based transmission medium can include, for example, twisted-pair wires used for a 100BASE-T Ethernet link. A cable-based transmission medium can also be a shared cable-based transmission medium that connects more than two devices. For example, a coaxial cable used for 10BASE2 Ethernet, telephone cables used for high-frequency (e.g., HomePNA) communication between multiple devices, and power lines used for data communication (e.g., HomePlug) between devices provide such shared cable-based transmission media.

[0137] Entry devices 114 together include a number of entry port modules (e.g., 113′ and 118), each associated with a different medium (e.g., a cable and/or a portion of a radio spectrum). For instance, in system 100′, entry port module 113′ of network entry device 114 f is connected to user device 104 c by a dedicated cable-based transmission medium 112′. Entry port module 118 of network entry device 114 g is connected to user devices 104 d-f by a shared wireless transmission medium 119′. Entry port module 146 of network entry device 114 d is connected to user device 104 g by Internet 148 and shared transmission medium 152. Further, entry port modules 126, 128, and 130 of network entry device 114 e may be connected to user device 104 h by telephone network 132 and by shared transmission media 154. Entry port modules 126, 128, and 130 of network entry device 114 e may also be connected to user device 104 m using a cellular telephone (or PCS) tower 175, which is connected via a base station 178 to the telephone network 132 and the shared transmission media 154. Any of network entry devices 114 may be coupled by different port modules to both shared and dedicated transmission media as well as cable-based and wireless transmission media.

[0138] Network entry devices 114 and end user devices 104 can come in a wide array of configurations. For example, user devices 104 can include individual computers, printers, servers, cellular phones, laptops, handheld electronic devices, telephones, Internet Protocol (IP)-configured telephones, switch devices, and the like. Network entry devices 114 can include, for example, switches, routers, hubs, bridges, repeaters, wireless access points, data communications equipment, server computers, modems, multiplexers, Private Branch Exchanges (PBXs), virtually any devices used to interconnect data equipment or end devices, and the like. The discrete boundaries of infrastructure 101′ are for illustration only. For example, system 100′ may include a server outside of the illustrated boundary while remaining logically part of infrastructure 101′. In another example, there may be a portion of network infrastructure 101′ connected to system 100′ located in a remote network, such as Internet 148.

[0139] In any particular physical arrangement of system 100′, each device (e.g., 104, 114) has a connection point (e.g., 160 c, 160 d, 160 e, 160 f, and 160 g, generally 160). A connection point 160 is the place where an associated device connects to system 100′, and thus corresponds to the location of that device. For example, for devices communicating via a cable (e.g., 104 c, 104 g, 104 h, and 114 g), their connection points (e.g., 160 o, 160 l and 160 k, and 160 n, respectively) represent the terminus of the cable (e.g., a wall jack) where the respective devices physically attach to make a connection to the network. For example, connection point 160 o represents the terminus of cable 112′. For wireless device 104 f, the transmission medium is air, so the respective connection point 160 m represents the location of the receiver antenna receiving signals from the wireless device. For any physical arrangement of system 100′, each connection point 160 is associated with a connection port in network infrastructure 101′ that provides connectivity to the rest of system 100′. For example, user device 104 c, which is attached to connection point 160 o (at the end of medium 112′), is associated with connection port 113′. Note that should the physical arrangement of system 100′ change, for example if medium 112′ were disconnected from port 113′ and reconnected to a different port in the same device or in a different device, the association of a connection point and a connection port may change. As described above, maintaining an association of connection points and connection ports, particularly in generating connection point IDs, provides a way of determining locations of devices in system 100′.

[0140] 5.1 Distributed Location Database

[0141] In some of the techniques/mechanisms described above, system 100 employs a centralized location server 134 that contains the location server functionality and the location database. As an alternative to the centralized system, the location-aware portion of system 100 can be implemented as a distributed system. In examples of a distributed system, the location server functionality and the location database are distributed among the devices of the network. In example distributed systems, location module 185 exists in any one, a portion, or all of the exemplary devices of a network, including for example the entry devices (e.g., 114), a server (e.g., 142), a firewall (e.g., 140), and the like. As illustrated in FIGS. 1 and 8, some devices comprise a location module (e.g., 185 a-o, generally 185), whether in hardware, firmware, or software, that can be configured to include different functionality and pieces of information, including location information. As described below, for a distributed system example, devices both inside and outside network infrastructure 101 can optionally maintain location-dependent information that affects their operation.

[0142] 5.1.1 Distributed Within the Network

[0143] FIGS. 1 and 8 illustrate location modules 185 in a portion of the devices for example only. As described above, the information representing the location of a particular network device, or of one or more devices attached to a particular network device, may be preloaded into location module 185 as a database. The location database at each device can be the entire location database of system 100 or a portion of it. In particular, the portion of the database included in the location module 185 of a device can be the portion with those locations applicable to that particular device, for example all of the connection points associated with the ports of a particular network entry device. Alternatively, location module 185 may include an updateable table that changes with additions or deletions to system 100 and/or movement of devices associated with system 100. Location module 185 can include location information and can be configured to measure, calculate, infer, search, and/or otherwise acquire information to provide one or more of the detailed mechanisms/techniques described herein. Location module 185 also can be configured to be an access control module that enables regulation (e.g., policing) of access to network-based data, applications, QoS, ToS, bandwidth, and the like, based on device location information.

[0144] For example, as illustrated in FIG. 4, for the distributed system, location modules 185 are configured to include device location as a requirement to permit access to network-based information, applications, rate service, rate type, and the like. With such a distributed system, each network entry device (e.g., 114) becomes a quasi-authentication server. As illustrated in FIG. 6, location modules 185 are configured to include means for tagging location-sensitive information/data and acting on that tag accordingly. Each location module 185 also can enable identification of the location of a communicating device for the purpose of providing the security, safety, or other services described above.

[0145] For the distributed example, location server functionality can be part of any network device, management station, or server/authentication server. The location server functionality may be co-located within a switch or network device (e.g., 114) through which a user device communicates. In a distributed system, devices can include functionality in their respective location modules 185 to be both a location client and a location server. In remote offices, a router that connects the remote office to the home office can comprise the location server functionality, as it may need to provide location information for E911 applications, for example. In other applications, such as an enterprise campus network, the location server functionality may be part of an enhanced IP address management system such as a Dynamic Host Configuration Protocol (DHCP) server as well as a dedicated location provisioning system.

[0146] The following is a list of a few possible devices (but not limited to only those devices) that can contain the location server functionality: network switches, data switches, routers, firewalls, gateways, computing devices such as a network file server or dedicated location servers, management stations, network-connected voice over IP/voice over data systems such as hybrid PBXs and VoIP call managers, network layer address configuration/system configuration servers such as enhanced DHCP servers, enhanced Bootstrap Protocol (BOOTP) servers, routers enabling IPv6 address autoconfiguration, and network-based authentication servers providing services such as RADIUS, Extensible Authentication Protocol/IEEE 802.1X, or others.

[0147] In one example, to provide the distributed location databases with location information, system 100 employs the Simple Network Management Protocol (SNMP). A network administrator provisions the location information of the terminus of a network cable in the SNMP ifDescr variable (the ifDescr object is read-only in IF-MIB, but many systems allow a network operator to "name" a port, which then will be displayed in this field; IF-MIB (RFC 2863) also defines ifAlias as the read-write object intended for exactly this kind of operator-assigned port name). The location server functionality of a device reads the terminus information via SNMP. Because these objects carry free text typed in by an operator, a consumer should check that the value follows the agreed location format before treating it as a connection point location, and should assign it the level of trust appropriate to a manually provisioned source.
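Reading the provisioned terminus information back out of an SNMP walk, as an added worked example that is not part of this application. The walk output is constructed, not captured from a real switch; the `loc=<building>/<floor>/<room>/<jack>` naming convention is an assumption made for the example; and the location is taken from ifAlias, the IF-MIB object that is read-write, while ifDescr supplies the port name. A value that does not match the convention is recorded as unprovisioned rather than stored as a location, which is the check the previous paragraph calls for.

```python
import re
from typing import Dict, Optional

# Constructed snmpwalk-style output for one switch (not captured from a real device).
SNMP_WALK = """\
IF-MIB::ifDescr.1 = STRING: GigabitEthernet0/1
IF-MIB::ifDescr.2 = STRING: GigabitEthernet0/2
IF-MIB::ifDescr.3 = STRING: GigabitEthernet0/3
IF-MIB::ifAlias.1 = STRING: loc=bldg5/fl4/rm412/jack07
IF-MIB::ifAlias.2 = STRING: uplink to core
IF-MIB::ifAlias.3 = STRING: loc=bldg5/fl4/rm413/jack02; <script>alert(1)</script>
"""

LINE_RE = re.compile(r"^IF-MIB::(ifDescr|ifAlias)\.(\d+) = STRING: (.*)$")
# Provisioning convention assumed for this example: loc=<bldg>/<floor>/<room>/<jack>,
# each component restricted to a safe character set.
LOC_RE = re.compile(r"^loc=([A-Za-z0-9-]+(?:/[A-Za-z0-9-]+){3})$")


def parse_walk(text: str) -> Dict[int, Dict[str, str]]:
    """Group ifDescr/ifAlias values by ifIndex; lines in any other shape are skipped."""
    ports: Dict[int, Dict[str, str]] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ports.setdefault(int(m.group(2)), {})[m.group(1)] = m.group(3)
    return ports


def connection_points(ports: Dict[int, Dict[str, str]]) -> Dict[int, Dict[str, Optional[str]]]:
    """Build the port-to-terminus table. A location is accepted only when the
    operator text matches the convention; anything else (a free-text comment, a
    value with trailing junk) is recorded as unprovisioned, never stored verbatim."""
    table: Dict[int, Dict[str, Optional[str]]] = {}
    for idx in sorted(ports):
        m = LOC_RE.match(ports[idx].get("ifAlias", ""))
        table[idx] = {
            "name": ports[idx].get("ifDescr"),
            "location": m.group(1) if m else None,
            "trust": "operator-provisioned" if m else "unprovisioned",
        }
    return table


if __name__ == "__main__":
    for idx, row in connection_points(parse_walk(SNMP_WALK)).items():
        print(idx, row)
```

Port 3 in the sample is the case to watch: it begins with a well-formed location but carries trailing text, and the anchored pattern rejects it outright instead of salvaging the prefix, because the location database later drives access decisions and should hold nothing the operator did not deliberately provision.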

[0148] As described above, the location client attempts to learn its geographic location and/or identifies itself to another device with a need to know the client's location. An advanced location client can also receive its operational configuration from a location-aware network (e.g., from a location server configured to additionally provide configuration information). The location client communicates with any network element and discovers its connection point ID through one of many possible methods described herein. Once the location client knows its connection point ID, it can contact a location server to discover its actual location, or to register itself with the location server, which can act as a proxy for other communication entities seeking to discover the location of the location client. It is also possible for a location server to be a communication system that may modify the location client's communication traffic with the device's location information.

[0149] The following is a list of a few possible devices (but not limited to these) that can contain a location client: network switches, routers, firewalls, gateways, computing devices such as a network file server or end user computing devices, personal digital assistants, smart appliances (a toaster, refrigerator, or coffee pot with network connectivity), network-connected voice over IP/voice over data systems such as hybrid PBXs and VoIP call managers, or voice over IP/data handsets.

[0150] 5.1.2 Distributed Outside of the Network

[0151] In addition to their being distributed among the devices of system 100, system 100 can employ location information from a trusted database that is external to the network and/or a trusted database maintained by a third party. As described above, system 100 can assign a level of trust to all of the location information obtained from a database external to system 100. For example, in the telephone network example, where the unique connection point ID can be a telephone number, the location server functionality, either in location server 134 or in any of the distributed functionality in the location modules 185, can reference a white-pages type database to retrieve an address for the telephone number. If the address is not in a location format recognized by a location-aware application, the location server functionality can reference another third-party database to convert the address to latitude and longitude coordinates, for example. Further granularity may be obtained. For example, for a home business, an address may have two phone numbers associated with it, a business phone number and a residential phone number. The location of the connection point identified with the business phone number is in the room established as the home office. This may be located on one floor of the house, providing altitude coordinates also. The location of the connection point identified with the residential phone number is in the room containing the family personal computer. This may be located on another floor of the house. Similarly, the location server functionality can obtain an address, a room, and/or geographical coordinates where the connection point is a cable endpoint connected to a cable modem and the IP address is associated with an address of the subscriber. System 100 can use any available resources to update the location information of particular connection points, assigning the appropriate level of trust based on the trustworthiness of that third-party source.

[0152] 5.2 Use of a Location Advertising System in a Distributed Network

[0153] In one distributed example, system 100 employs a location advertising system to communicate information among the devices. A location advertising system comprises a networking device that provisions and/or advertises device location information and/or configurations to a location client device over the network, typically using a layer 2 or layer 3 protocol (e.g., a neighbor discovery protocol). The location advertising system also comprises devices to which location client devices may connect via the network. One example of a location advertising system device is a location advertising switch, which is a device such as a data switch operating as a layer 2 or layer 3 LAN switch. Another example is a location advertising router, sometimes referred to as an automated configuration server, which comprises a network router. This device can also comprise a branch office router that can provide a configuration to a LAN switch and/or a wireless access point in a remote enterprise office. Other devices in the location advertising system can include a wireless LAN access point, a virtual private network system, a tunnel server, a remote client, a gateway, and/or the like. A device acting as a location advertising system may distribute location information based on various coordinate systems or textual representations of a physical location. A device in the location advertising system, when it is a device that has location clients physically connected to it via physical cables, contains a database of connection points that correspond to a physical network access port and the corresponding geographic location information of the terminus of the network cable connected to that port, similarly as described above. Although presented in the context of a distributed system, the location advertising system can also be implemented in a centralized system using a centralized location server as described above.

[0154] When system 100 employs a LAN switch in its location advertising system, system 100 not only provides location and configuration information to a location client device, but it also can automatically map network policies to the port where the location client device is connected. This policy may be provisioned on the location advertising switch as soon as the location client is detected, or policy provisioning may be enabled only after the location client is properly configured and verified. This feature is referred to as self-enabled policy. Of the two options, enabling the policy only after verification is the more conservative, since a device that has merely announced itself on a port has not yet demonstrated what it is.

[0155] When a location advertising system comprises a wireless LAN access point, the network maps location and configuration information to a device-specific identification, an IEEE MAC address for example, and the IEEE 802.11 association ID present during operation of the wireless network. The network maps the location coordinates to the association ID. As wireless networks afford client devices total mobility, the system employs techniques, such as the techniques described above, to triangulate the coordinates of the location client at any instant. The location database can be dynamic in nature, as the client's coordinates can potentially change very frequently.

[0156] 5.2.1 Specific Examples Using a Location Advertising System

[0157] One example of automated network management employing the location advertising system is the configuration of Voice over IP handsets with a neighbor discovery protocol in a data network. Voice over IP handsets typically are designed to communicate with Ethernet switches and can require complex configurations. Networks with the location advertising system can integrate neighbor discovery protocols with Voice over IP handsets to provide configuration information to the handset, discover inventory information to be stored on the connection point switch, and automatically configure the port parameters on the connection point switch/access platform.

[0158] The automated voice handset configuration system in this example can provide the voice handset with several parameters: VLAN membership and classification rules for voice and/or fax payload and control traffic; VLAN membership and classification rules for non-voice payload and control traffic; the IEEE 802.1Q prioritization packet marking information for voice payload and control traffic, and for non-voice payload and control traffic; the IP type of service field markings for voice payload traffic, for fax payload traffic, and for voice/fax control traffic; the Internet address for the voice entity contained in the VoIP phone; the ANSI LIN (Location Identification Number); and the geographic location of the handset, with geodesic information or any other geographical coordinate system, including elevation or relative location information.

[0159] For illustration of this specific example, let user device 104 c (FIG. 8) represent a VoIP handset and network entry device 114 f represent a LAN switch. The LAN switch 114 f includes location advertising system functionality, for example, as part of location module 185 n. The LAN switch 114 f also includes an expanded database in location module 185 n that includes inventory information, geographic information, and configuration information. In operation, the Voice over IP handset 104 c boots and starts sending out neighbor discovery protocol packets. These packets trigger the LAN switch 114 f, to which the VoIP handset 104 c connects, to start sending neighbor discovery protocol packets. The LAN switch 114 f responds to the voice handset 104 c with the following configuration information obtained from its expanded database: IEEE 802.1Q priority marking configuration, IEEE 802.1Q VLAN membership configuration rules, Internet protocol type of service/differentiated services marking rules, the IP address of the voice call manager/IP PBX/IP voice switch which the voice handset 104 c needs for normal operation, and the ANSI LIN. The LAN switch 114 f enables policy management configurations on the port where the handset connects (i.e., self-enabled policy). The voice handset 104 c continues to utilize the neighbor discovery protocol to advertise its device-specific information. This device-specific information can include, for example, model number, device type, IP address, device serial number, microcode version utilized by the handset, and the like. The LAN switch 114 f decodes this device-specific information from the neighbor discovery protocol packets sent by the voice handset 104 c and records the advertised information to a local or remote network management database. System 100′ uses this information to support inventory management and device location applications.
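The handset/switch exchange of [0159], as an added worked example that is not part of this application. The TLV layout and the type numbers are invented for the example (they are not LLDP-MED's assignments), the expanded database entry for port 13 of switch 114 f is constructed, and the switch side implements the "verified before policy" variant of self-enabled policy from [0154]: the port's policy is enabled only when the handset's advertisement decodes cleanly and identifies a handset. Both decoders treat the neighbor on the wire as untrusted, so a length field that runs past the packet is an error rather than a silent truncation.

```python
import struct
import ipaddress
from typing import Dict, List, Tuple

# TLV type numbers are assigned for this example only; they are not LLDP-MED's.
T_VOICE_VLAN, T_DATA_VLAN, T_PRIO, T_DSCP, T_CALLMGR, T_LIN, T_GEO = 1, 2, 3, 4, 5, 6, 7
T_DEVTYPE, T_MODEL, T_SERIAL, T_FW, T_IP = 16, 17, 18, 19, 20


def encode_tlvs(tlvs: List[Tuple[int, bytes]]) -> bytes:
    out = b""
    for t, v in tlvs:
        if not 0 <= t <= 0xFF or len(v) > 0xFFFF:
            raise ValueError("bad TLV")
        out += struct.pack("!BH", t, len(v)) + v   # 1-byte type, 2-byte length, value
    return out


def decode_tlvs(buf: bytes) -> List[Tuple[int, bytes]]:
    """Strict decoder: a length running past the buffer raises instead of truncating."""
    tlvs, i = [], 0
    while i < len(buf):
        if i + 3 > len(buf):
            raise ValueError("truncated TLV header")
        t, n = struct.unpack_from("!BH", buf, i)
        i += 3
        if i + n > len(buf):
            raise ValueError("truncated TLV value")
        tlvs.append((t, buf[i:i + n]))
        i += n
    return tlvs


# Expanded database on LAN switch 114 f (constructed): per-port policy plus location.
SWITCH_DB = {
    13: {"voice_vlan": 110, "data_vlan": 20, "prio": 5, "dscp": 46,
         "call_manager": "10.0.0.20", "lin": "6175550142",
         "geo": (42.3601, -71.0589, 12.0)},        # latitude, longitude, elevation (m)
}


def switch_advertise(port: int) -> bytes:
    """Switch -> handset: configuration for the port the handset is attached to."""
    c = SWITCH_DB[port]
    return encode_tlvs([
        (T_VOICE_VLAN, struct.pack("!H", c["voice_vlan"])),
        (T_DATA_VLAN, struct.pack("!H", c["data_vlan"])),
        (T_PRIO, bytes([c["prio"]])),
        (T_DSCP, bytes([c["dscp"]])),
        (T_CALLMGR, ipaddress.ip_address(c["call_manager"]).packed),
        (T_LIN, c["lin"].encode("ascii")),
        (T_GEO, struct.pack("!ddd", *c["geo"])),
    ])


def handset_apply(buf: bytes) -> Dict[str, object]:
    """Handset side: decode the switch's advertisement; malformed or unknown TLVs are ignored."""
    cfg: Dict[str, object] = {}
    for t, v in decode_tlvs(buf):
        if t in (T_VOICE_VLAN, T_DATA_VLAN) and len(v) == 2:
            cfg["voice_vlan" if t == T_VOICE_VLAN else "data_vlan"] = struct.unpack("!H", v)[0]
        elif t in (T_PRIO, T_DSCP) and len(v) == 1:
            cfg["prio" if t == T_PRIO else "dscp"] = v[0]
        elif t == T_CALLMGR and len(v) in (4, 16):
            cfg["call_manager"] = str(ipaddress.ip_address(v))
        elif t == T_LIN:
            cfg["lin"] = v.decode("ascii", "replace")
        elif t == T_GEO and len(v) == 24:
            cfg["geo"] = struct.unpack("!ddd", v)
    return cfg


def handset_advertise(inv: Dict[str, str]) -> bytes:
    """Handset -> switch: device-specific inventory information."""
    return encode_tlvs([(T_DEVTYPE, inv["devtype"].encode()), (T_MODEL, inv["model"].encode()),
                        (T_SERIAL, inv["serial"].encode()), (T_FW, inv["fw"].encode()),
                        (T_IP, ipaddress.ip_address(inv["ip"]).packed)])


TEXT_FIELDS = {T_DEVTYPE: "devtype", T_MODEL: "model", T_SERIAL: "serial", T_FW: "fw"}


def switch_record(port: int, buf: bytes, inventory: Dict[int, dict]) -> bool:
    """Switch side: record the advertisement in the inventory database. Returns True
    only for a well-formed advertisement that identifies a handset, which is the
    condition under which self-enabled policy is applied to the port."""
    rec: Dict[str, str] = {}
    try:
        for t, v in decode_tlvs(buf):
            if t in TEXT_FIELDS:
                s = v.decode("ascii")
                if not s.isprintable() or len(s) > 64:
                    return False
                rec[TEXT_FIELDS[t]] = s
            elif t == T_IP:
                rec["ip"] = str(ipaddress.ip_address(v))
    except (ValueError, UnicodeDecodeError):
        return False
    if rec.get("devtype") != "voip-handset":
        return False
    inventory[port] = rec
    return True
```

The inventory record is bounded and printable before it is stored, since the advertised strings end up in a management database that other tools render; a device on the access port should not be able to put arbitrary bytes there.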

[0160] Another specific example of automated network management employing the location advertising system involves the use of network LAN switches in a campus or enterprise network as a vehicle to configure wiring closet switches or wireless access points. In many enterprise networks, the IT organization spends a great deal of time and resources configuring access switches or wireless LAN access points that act as the primary network entry device for network users. These network entry devices normally are provisioned with simple configurations, but occasionally a minor misconfiguration can cause many problems in the operation of a data network. A network with the location advertising system frees network administrators from worrying about the validity of network devices, as backbone network switches provision network access switches and routers with the appropriate configuration based on where they connect to the network.

[0161] For illustration of this specific example, let network entry device 114 f (FIG. 8) represent a wiring closet or a user access switch acting as a configuration client. In this environment, the user switch 114 f is configured to participate as a location client (e.g., includes location client functionality in location module 185 n). The location client 114 f is connected to network infrastructure 101′ via connections to network entry device 114 c, network entry device 114 g, and central switching device 136′. Any of those other devices (i.e., network entry device 114 c, network entry device 114 g and central switching device 136′) can act as a location advertising system switch and broadcast location, configuration, and other information to the network entry device 114 f, in this example, the location client.

[0162] To determine its physical location, device 114 f receives location information from each of its neighboring devices, 114 c, 114 g, and 136′. Device 114 c determines that since neighboring device 114 f is connected to connection point 160 u, device 114 c is located at location X1, Y1 and transmits the location information to device 114 f. Similarly, device 114 g determines that since neighboring device 114 f is connected to connection point 160 v, device 114 c is located at location X2, Y2, and device 136′ determines that since neighboring device 114 f is connected to connection point 160 w, device 114 c is located at location X3, Y3. Device 114 c receives the coordinates from each of its neighboring devices and compares them with each other to determine, with a statistical level of confidence, what its actual physical location is. This level of confidence can be translated into a level of trust to associate with the calculated physical location based on the received data. For example, if all three neighboring devices provide the same coordinates, then system 100′ can associate the highest value for the level of trust with that physical location.
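The comparison of neighbor-advertised coordinates and the resulting level of trust, written out as an added Python example that is not part of the patent. The device names, connection point IDs and coordinate values are constructed, and the rule that the level of trust equals the fraction of neighbors agreeing on the majority location (1.0 when all agree, as in the paragraph above) is an assumption.

```python
from collections import Counter
from typing import Dict, List, Optional, Tuple

Coord = Tuple[float, float]   # (X, Y) coordinates advertised by a neighbor
Report = Tuple[str, Coord]    # (connection point ID, coordinates)

# Constructed reports received by location client 114 f from its three
# neighbors (assumed sample coordinates; the patent names them X1, Y1 etc.).
REPORTS_AGREE: Dict[str, Report] = {
    "114c": ("160u", (42.2930, -71.2630)),
    "114g": ("160v", (42.2930, -71.2630)),
    "136'": ("160w", (42.2930, -71.2630)),
}

# Same client, but 136' advertises a stale entry for connection point 160 w.
REPORTS_CONFLICT: Dict[str, Report] = {
    "114c": ("160u", (42.2930, -71.2630)),
    "114g": ("160v", (42.2930, -71.2630)),
    "136'": ("160w", (42.3601, -71.0589)),
}


def consensus_location(reports: Dict[str, Report],
                       precision: int = 4) -> Tuple[Optional[Coord], float]:
    """Compare the coordinates advertised by each neighbor and return the
    majority location together with a level of trust in [0, 1].

    The level of trust is the fraction of neighbors agreeing with the most
    common coordinates, so three identical reports give the highest value 1.0.
    Coordinates are rounded to `precision` decimals before comparison so that
    equal positions carrying float noise still match. If two candidate
    locations tie, no location is returned and the trust is 0.
    """
    if not reports:
        return None, 0.0
    votes = Counter(
        (round(x, precision), round(y, precision))
        for _, (x, y) in reports.values()
    )
    ranked = votes.most_common(2)
    best, count = ranked[0]
    if len(ranked) > 1 and ranked[1][1] == count:
        return None, 0.0          # tie: no location can be chosen
    return best, count / len(reports)


def dissenting_neighbors(reports: Dict[str, Report],
                         precision: int = 4) -> List[str]:
    """Neighbors whose advertised coordinates differ from the consensus;
    these are the database entries an operator would want to re-verify."""
    location, _ = consensus_location(reports, precision)
    if location is None:
        return sorted(reports)
    return sorted(
        dev for dev, (_, (x, y)) in reports.items()
        if (round(x, precision), round(y, precision)) != location
    )


if __name__ == "__main__":
    for name, reports in (("agree", REPORTS_AGREE), ("conflict", REPORTS_CONFLICT)):
        loc, trust = consensus_location(reports)
        print(f"{name}: location={loc} trust={trust:.2f} "
              f"dissenting={dissenting_neighbors(reports)}")
```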

[0163] To determine configuration, any combination of the other devices (i.e., network entry device 114 c, network entry device 114 g, and central switching device 136′) advertises configuration parameters to location client 114 f. The configuration parameters can include, for example, the following attributes: IP address of the user access switch, IP subnet mask of the user access switch, default IP route of the user access switch, SNMP trap destination IP address, SNMP read-only community string, SNMP read-write community string, default VLAN ID on user ports, default IEEE priority mark for user access traffic, IEEE 802.1D spanning tree enabled or disabled, IEEE 802.1W rapid spanning tree enabled or disabled, enable IEEE 802.1X authentication on user ports, enable IEEE 802.1Q VLAN tagging on ports to the data center/configuration provisioning switch, geographic coordinates of the terminus of the data cable connected to this port, and the like. Table 4 illustrates an example of some entries that can be included in an expanded location database in this location advertising system example. In this example, the first five columns from the left (i.e., entry port to geographic location, inclusive) represent information provisioned on the location client. The last two columns (i.e., client switch IP address and serial number) represent information obtained/learned from the location client.

TABLE 4

Entry  Default VLAN ID  Default   Enable Tagging on the Port       Geographic Location      Client Switch  Serial
Port   on User Ports    Priority  where Location Data is Received  of Cable Terminus        IP Address     Number
1      1024             0         TRUE                             Lat X1, Long Y1, Alt Z1  1.1.2.1        xxxxxx1
2      1024             0         TRUE                             Lat X2, Long Y2, Alt Z2  1.1.2.2        xxxxxx2
3      1025             0         TRUE                             Lat X3, Long Y3, Alt Z3  1.1.3.1        xxxxxx3
4      1026             0         TRUE                             Lat X1, Long Y4, Alt Z4  1.1.4.1        xxxxxx4

[0164] It is also possible for the location advertising system in the provisioning switch to provide a temporary Internet address and/or the uniform resource locator (URL) of a network-attached location database where the location client can retrieve a more advanced configuration file. For example, see entries 6, 8, and 10 of Table 3 above. The configuration file can be retrieved via standard mechanisms such as trivial file transfer protocol or Internet file transfer protocol.

[0165] Another specific example of automated network management employing the location advertising system is the provisioning of a basic switch configuration for local and wide area routers in a branch office. In this example, the network employs a branch office router and a regional office router as part of its location advertising system. In one example of the operation described below, the user access switch is a branch office router and the data center switch is a regional office router. In another example of the operation described below, the user access switch is a network entry device in the branch office and the data center switch is a branch office router.

[0166] In operation, a user access LAN switch boots and starts sending out neighbor discovery protocol packets. These packets trigger the data center LAN switch/location advertising switch to which the location client connects to start sending neighbor discovery protocol packets. The data center switch/location advertising switch advertises the configuration associated with the port to which the location client/user access switch connects. This enables policy management configurations on the port to which the switch connects (e.g., self-enabled policy). The user access switch continues to transmit neighbor discovery protocol packets to update the data center switch with inventory information, which can be accessed by a network management system.

[0167] 5.3 Format of Location

[0168] The format of location information can vary in different versions of the system. The examples above illustrate some of the formats for location information. The following formats are included as additional examples. The location information may be established as grid or map coordinates on a defined map coordinate system. For example, the location information can be considered absolute (e.g., latitude x by longitude y, GPS location, Loran, Loran C, military grid), regional (e.g., Massachusetts, building 1, the third floor), relative (e.g., x feet from door y on floor z, office five on floor 3, on a 30-degree radial from point A), and/or aircraft systems, such as Very High Frequency (VHF) Omnidirectional Range (VOR) or Emergency Location System (ELS). It is to be noted that GPS locating would include satellite and ground-based stations. The location information may be three dimensional, including elevation above sea level or above some defined position. The location information can include a fourth dimension, an accuracy indicator, as required by the Federal Communications Commission for emergency E911 interoperability. The location information also can include a location identification number as required by the Federal Communications Commission for emergency E911 interoperability. The location information can be typed as numerical, string and the like.

[0169] 5.4 Communicating Location Information (FIGS. 1 and 8)

[0170] To transmit location and other information among devices, the devices can communicate with each other using a variety of protocols, which can be based on the specific network solution considered. The examples above illustrate some of the protocols used to exchange information. The following protocols are included as additional examples. The devices can employ the Internet Protocol (either version 4 or 6). A higher layer protocol can be used based on how system 100 distributes the location information. For example, if system 100 stores the location information as tables or files, system 100 can employ a higher layer protocol such as Lightweight Directory Access Protocol (LDAP) to access and transmit location information between devices. If system 100 stores the location information as databases, system 100 can employ a higher layer protocol such as Structured Query Language (SQL) or Open Database Connectivity (ODBC) to interact with devices over the Internet Protocol.

[0171] The devices also can use a Layer 2 protocol, or a protocol that does not rely on having an IP address to communicate. This enables the devices to define the network layer address, and enables two devices to communicate on networks not operating with the Internet Protocol. The devices can also employ Extensible Authentication Protocol (EAP) or IEEE 802.1X to communicate with each other. The devices can also communicate using proprietary protocols that ride over IP (or other Layer 3 protocols) or MAC layer protocols.

[0172] For illustration, an example in the specific examples of locating devices section above employs the IEEE Bridge Spanning Tree Protocol. That example can be illustrated using other protocols also. For example, in another example, system 100 employs a proprietary network neighbor discovery protocol, Cabletron Discovery Protocol (CDP) by Enterasys Networks, Inc. of Rochester, N.H. In a CDP example, network devices utilize this protocol to provide neighbor discovery. A CDP discovery packet is sent (step 305 (FIG. 3)) at defined intervals out of all ports with such discovery enabled. The location client receives (step 310 (FIG. 3)) the discovery packets and decodes the device ID field. In a CDP discovery packet in particular, the device ID field is based on the primary switch MAC address with the SNMP ifIndex of the port from which the packet was sent. Using that decoded information, the location client determines (step 315 (FIG. 3)) that the connection point ID={Primary Switch MAC}+{CDP Sourcing Port's ifIndex}.

[0173] The system 100 can employ a combination of protocols to further automate the techniques above. One example employing a combination of protocols is an automated technique that populates the location database, whether centralized or distributed, with connection point IDs. Both CDP and the IEEE Spanning Tree Protocol have IETF SNMP Management Information Bases (MIBs) associated with them. The location server, when enabled with an SNMP client, can generate a list of connection point IDs in the network environment.

[0174] In environments where the IEEE Spanning Tree Protocol is the mechanism used to discover a location client's connection point ID, the network can use the IETF dot1dBridge MIB. The network uses the dot1dBaseBridgeAddress MIB object to define the unique switch identification. The network can derive the MAC address of the physical port by polling the dot1dBasePortIfIndex MIB object. This MIB object corresponds to the ifIndex pointer in the IETF SNMP MIB-2 Interfaces MIB. By looking up the ifPhysAddress MIB object using the known ifIndex, the network management device is able to populate the Connection ID list (e.g., IEEE 802.1D Connection ID=Switch Base MAC Address+Port MAC Address).

[0175] When utilizing CDP as the protocol to detect a Connection ID, the network can generate the connection list by polling certain SNMP variables. The network uses the dot1dBaseBridgeAddress MIB object to define the unique switch ID. The network derives the MAC address of the physical port by polling the dot1dBasePortIfIndex MIB object. This MIB object corresponds to the ifIndex pointer in the IETF SNMP MIB-2 Interfaces MIB (e.g., CDP Connection ID=Switch Base MAC+ifIndex).
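Building the Connection ID list from polled MIB values, for both the IEEE 802.1D form of [0174] (base MAC + port MAC) and the CDP form of [0175] (base MAC + ifIndex), and matching a decoded CDP device ID field against it on the client side, as an added Python example that is not part of the patent. The MIB values are constructed sample data rather than a real SNMP walk, the "+"-joined string form of an ID is an assumption, and the "<MAC>/<ifIndex>" layout of the device ID field is an assumed encoding, not the CDP wire format.

```python
from typing import Dict

MacAddress = str  # canonical lower-case "aa-bb-cc-dd-ee-ff" form

# Constructed values as a location server with an SNMP client might obtain
# them from one switch (assumed sample data, not a real MIB walk).
BRIDGE_ADDRESS: MacAddress = "00-11-22-33-44-55"   # dot1dBaseBridgeAddress
# dot1dBasePortIfIndex: bridge port number -> ifIndex of that port
PORT_IFINDEX: Dict[int, int] = {1: 1001, 2: 1002, 3: 1003}
# ifPhysAddress from the Interfaces MIB: ifIndex -> MAC address of the port
IF_PHYS_ADDRESS: Dict[int, MacAddress] = {
    1001: "00-11-22-33-44-56",
    1002: "00-11-22-33-44-57",
    1003: "00-11-22-33-44-58",
    1004: "00-11-22-33-44-59",  # not a bridge port (e.g. management interface)
}


def normalize_mac(mac: str) -> MacAddress:
    """Accept '00:11:22:33:44:55', '00-11-22-33-44-55', '001122334455' or
    '0011.2233.4455' and return the canonical dashed lower-case form, so IDs
    built by different pollers compare equal."""
    digits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def stp_connection_ids(bridge_address: str, port_ifindex: Dict[int, int],
                       if_phys_address: Dict[int, str]) -> Dict[int, str]:
    """IEEE 802.1D Connection ID = Switch Base MAC Address + Port MAC Address,
    keyed by bridge port number. A bridge port whose ifIndex has no
    ifPhysAddress entry is skipped rather than given an incomplete ID."""
    base = normalize_mac(bridge_address)
    ids: Dict[int, str] = {}
    for port, ifindex in sorted(port_ifindex.items()):
        phys = if_phys_address.get(ifindex)
        if phys is None:
            continue
        ids[port] = f"{base}+{normalize_mac(phys)}"
    return ids


def cdp_connection_ids(bridge_address: str,
                       port_ifindex: Dict[int, int]) -> Dict[int, str]:
    """CDP Connection ID = Switch Base MAC + ifIndex, keyed by ifIndex."""
    base = normalize_mac(bridge_address)
    return {ifindex: f"{base}+{ifindex}" for ifindex in sorted(port_ifindex.values())}


def connection_id_from_cdp_device_id(device_id: str) -> str:
    """Client side (step 315): rebuild the connection point ID from the decoded
    device ID field, assumed here to carry '<primary switch MAC>/<ifIndex>'."""
    mac, _, ifindex = device_id.rpartition("/")
    if not ifindex.isdigit():
        raise ValueError(f"device ID carries no ifIndex: {device_id!r}")
    return f"{normalize_mac(mac)}+{int(ifindex)}"
```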

[0176] In some examples, it is possible for network switches to store location information for each switch port using SNMP. A voice handset MIB allows the switch to store the ANSI LIN number for each port. The network can provision this information in the switch via SNMP sets or local command line configuration. The network can poll and/or map this information to the connection point ID information.

[0177] 5.5 Other Miscellaneous Variations

[0178] Other variations of the above examples can be implemented. The level of trust in the examples above is described as a discrete numerical value. One example variation is that system 100 can employ string types and fuzzy logic techniques to implement the level of trust. For example, the levels of trust can be very trustworthy, trustworthy, not too trustworthy, neutral, untrustworthy and very untrustworthy.

[0179] Another example variation is that the illustrated processes may include additional steps. Further, the order of the steps illustrated as part of processes is not limited to the order illustrated in their figures, as the steps may be performed in other orders, and one or more steps may be performed in series or in parallel to one or more other steps, or parts thereof. For example, user verification and location verification may be performed in parallel.

[0180] Additionally, the processes, steps thereof and various examples and variations of these processes and steps, individually or in combination, may be implemented as a computer program product tangibly as computer-readable signals on a computer-readable medium, for example, a non-volatile recording medium, an integrated circuit memory element, or a combination thereof. Such computer program product may include computer-readable signals tangibly embodied on the computer-readable medium, where such signals define instructions, for example, as part of one or more programs that, as a result of being executed by a computer, instruct the computer to perform one or more processes or acts described herein, and/or various examples, variations and combinations thereof. Such instructions may be written in any of a plurality of programming languages, for example, Java, Visual Basic, C, or C++, Fortran, Pascal, Eiffel, Basic, COBOL, and the like, or any of a variety of combinations thereof. The computer-readable medium on which such instructions are stored may reside on one or more of the components of system 100 described above and may be distributed across one or more such components.

[0181] A number of examples to help illustrate the invention have been described. Nevertheless, it will be understood that various modifications may be made without departing from the spirit and scope of the invention. Accordingly, other embodiments are within the scope of the following claims.

What is claimed is:
1. A method comprising, generating data including restrictive routing information based on physical location.
2. The method of claim 1 further comprising transmitting the data in accordance with the restrictive routing information.
3. The method of claim 1 further comprising destroying the data if a network device receiving the data is located at a restricted physical location in accordance with the restricted routing information.
4. The method of claim 1 further comprising prohibiting the data from being transmitted to a network device located at a restricted physical location in accordance with the restricted routing information.
5. The method of claim 1 further comprising prohibiting the data from being accessed by a client device located at a restricted physical location in accordance with the restricted routing information.
6. The method of claim 1 wherein the restricted routing information comprises a prohibited physical location.
7. The method of claim 1 wherein the restricted routing information comprises a permitted physical location.
8. The method of claim 1 wherein the data comprises a data packet.
9. The method of claim 1 wherein the data comprises a file.
10. The method of claim 1 wherein the data comprises a document.
11. A method comprising: receiving data at a first network device; and routing the data to a second network device based on a policy determined using location information.
12. A system comprising: network devices with associated physical locations; and data with restrictive routing information based on physical location.
13. The system of claim 12 further comprising a physical location server including a storage module configured to store the associations of network devices with their respective physical locations.
14. The system of claim 12 wherein each network device includes a storage module configured to store the association of that particular network device with its respective physical location.
15. The system of claim 12 wherein each network device includes a location module configured to transmit the data in accordance with the restrictive routing information.
16. The system of claim 12 wherein each network device includes a location module configured to destroy the data if the respective network device receiving the data is located at a restricted physical location in accordance with the restricted routing information.
17. The system of claim 12 wherein each network device includes a location module configured to prohibit the data from being transmitted to another network device located at a restricted physical location in accordance with the restricted routing information.
18. The system of claim 12 wherein each network device includes a location module configured to prohibit the data from being accessed by a client device located at a restricted physical location in accordance with the restricted routing information.
19. The system of claim 12 wherein the restricted routing information comprises a prohibited physical location.
20. The system of claim 12 wherein the restricted routing information comprises a permitted physical location.
21. The system of claim 12 wherein the data comprises a data packet.
22. The system of claim 12 wherein the data comprises a file.
23. The system of claim 12 wherein the data comprises a document.
24. Data comprising restrictive routing information based on physical location.
25. The data of claim 24 further comprising a header that includes the restricted routing information.
26. The data of claim 24 wherein the restricted routing information comprises network layer information.
27. The data of claim 24 wherein the restricted routing information comprises transport layer information.
28. The data of claim 24 wherein the restricted routing information identifies prohibited physical locations.
29. The data of claim 24 wherein the restricted routing information identifies permitted physical locations.
30. The data of claim 24 further comprising a data packet.
31. The data of claim 24 further comprising a file.
32. The data of claim 24 further comprising a document.